I hardly need to labour the point that network security is essential in an age where companies of all sizes are hacked. Hardly a week goes by without data breach headlines in the mainstream media. 2021 is no exception so far, with high-profile hacks including LinkedIn, Parler (an almost complete website scraping in this case), Mimecast, U.S. Cellular and many more. The reasons for these successful breaches, which compromised the data and privacy of clients, ranged from targeted attacks, exploits on misconfigured cloud services and unsecured data to malware injection and scamming. Many of these data breaches could have been prevented. It makes you wonder why, in 2021, companies (large and small) are still so careless and cavalier with important client data, especially when you consider that lack of IT personnel or funds is not an issue for the global giants. Didn’t these companies have a simple checklist or basic code of practice for network security? Remember to protect all client data as if it were your own by using encryption, authenticated access and any other precaution possible. Consider the following an overview or starting point for creating your own checklist.
The Basics
Let’s assume, as many do, that larger companies have a handle on the basic elements of network security. Firewalls are configured correctly. Administrators have a full list of their hardware and software and all security updates and patches are installed promptly. They have a robust backup procedure that ensures prompt restoration of company data even after a ransomware attack. Brilliant! Now what?
Despite the naysayers, password management is still an issue and not due to password length, authentication method or complexity but instead due to longevity i.e., passwords are in use too long without being changed.
Employees will also log into personal services during office hours, and if a BYOD policy is in place, will ALL of them have devices and OS versions approved by IT? Again, let’s assume enterprises have no flaws in any of these areas, despite almost daily reports of data breaches. Enterprise-level solutions seek to address more advanced problems…
SIEM, NGFW and User Error Prevention
Modern network security is aimed at identifying emerging threats and reducing the impact of human error (which is still the biggest threat to your data). In fact, a recent joint study from Stanford University and Tessian indicates that 88% of all data breaches are caused by employee error. The Blame Game is not the solution here as the study also points out that “Your employees are focused on the job you hired them to do and when faced with to-do lists, distractions, and pressure to get things done quickly, cognitive loads become overwhelming and mistakes can happen.”
Therefore, recognising that security awareness training is not the entire solution and that employees are not cybersecurity experts, companies must use technology to help with the problem. While classified as enterprise solutions, most of them are available to smaller companies, whether it’s next-generation firewalls (NGFWs), analytics-driven security information and event management (SIEM) or remote solutions offered as-a-service. All companies should perform a risk assessment, identify their greatest threats to network and data security, and then arrange a trial of available solutions.
Even a brief look at NGFWs will confirm they are a key step in enhancing cybersecurity, including basic firewall function with several additional benefits. These include intrusion detection systems (IDS), intrusion prevention systems (IPS), application awareness from Layer 2 to 7, reduced infrastructure footprint, and antivirus and malware protection. Finally, NGFWs do not affect your network speed. Surely, a worthy purchase that can help reduce user errors by blocking threats?
Email & Internet
Your anti-malware solution (if not part of an NGFW) must scan incoming emails and monitor internet traffic. Companies need to decide if they prefer to only allow certain websites (based on a whitelist) or block some (based on another list). Whatever you decide, security (and perhaps productivity) is the primary consideration. Different companies will have different ideas on this and are free to do so, since company-owned equipment is involved. However, I’d advise against keyloggers, surveillance cameras and the like as they can affect employee morale.
Ransomware and Backups
There is always the possibility of an emerging threat penetrating your firewall and ransomware is the worst of these, requiring that a ransom is paid (and that we ‘trust’ the cybercriminal to act ethically?) or full restoration from clean backups. Therefore, your backup and disaster recovery plans must be fully tested and verified as working before the worst happens. It’s obviously too late when it’s discovered the backup is worthless. Industry practice is to have at least three backups with at least one air-gapped (drives or tapes stored in a fireproof safe, for example). Backup verification is worth emphasising… Ever heard of bit rot? It’s the death of hard drives, SSDs and tapes (all magnetic media, in fact) over time and underlines the need for regular backup or archive verification.
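One way to make the backup verification described above routine is to record a digest of every file when the backup is taken and re-check those digests on a schedule, so silent corruption on the medium is caught before a restore is needed. The following is an added example (not code from the original article); the directory layout and file contents are constructed here for the demonstration.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large archives never need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(backup_dir):
    """Record the digest of every file under backup_dir at backup time (store this off-site too)."""
    manifest = {}
    for root, _, files in os.walk(backup_dir):
        for name in files:
            path = os.path.join(root, name)
            manifest[os.path.relpath(path, backup_dir)] = sha256_of(path)
    return manifest

def verify_backup(backup_dir, manifest):
    """Return a list of problems: files that vanished and files whose digest no longer matches."""
    problems = []
    for rel, expected in manifest.items():
        path = os.path.join(backup_dir, rel)
        if not os.path.exists(path):
            problems.append(f"missing: {rel}")
        elif sha256_of(path) != expected:
            problems.append(f"corrupt: {rel}")
    return problems

def demo():
    """Constructed scenario: take a manifest, then simulate bit rot and a lost file."""
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "db"))
        with open(os.path.join(d, "db", "dump.sql"), "wb") as f:
            f.write(b"INSERT INTO clients VALUES (1, 'acme');\n")
        with open(os.path.join(d, "config.tar"), "wb") as f:
            f.write(bytes(range(256)) * 16)  # 4 KiB of constructed archive data
        manifest = build_manifest(d)
        clean = verify_backup(d, manifest)  # freshly written backup: no problems
        # Bit rot: a single byte of the archive silently changes on the medium.
        with open(os.path.join(d, "config.tar"), "r+b") as f:
            f.seek(100)
            f.write(b"\xff")
        os.remove(os.path.join(d, "db", "dump.sql"))  # and one file is gone entirely
        return clean, sorted(verify_backup(d, manifest))
```

Run the verification against every copy, including the air-gapped one when it is brought out for its periodic check, and treat any non-empty result as a failed backup to be regenerated from a healthy copy.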
In conclusion, all the above and any additional technological solutions you wish to make to mitigate identified risks should be part of an overall IT policy, outlining security goals with examples and user scenarios where possible. Security is an ongoing task and is constantly evolving as new threats emerge. That is the reason for data backups, penetration tests, encryption and other processes. If BYOD is present, do you have a mobile device management (MDM) solution? An employee has left the company. How long do you wait before disabling the user account and all LAN credentials? How about DHCP? These and other questions are yours to answer when ensuring maximum LAN protection. How will you proceed, or do you already include all these recommendations in your security posture? If so, well done, you’re immediately ahead of many global companies…