Last Updated on August 17, 2020 by Christopher G Mendla
Many small business networks are horrendously insecure. One insecure component can devastate your business
The following is a basic list of things that you should do to secure your network.
The threats
Vulnerabilities in your small office network can spell disaster. If your systems and office policies do not provide a secure environment, you can find yourself in financial and legal trouble.
The threats range from theft of personally identifiable information belonging to your employees and customers to ransomware.
Theft of Personal Identifiable Information (PII)
If you expose PII, especially if you were negligent, you could face legal action. In many cases this could be brought in Federal Court which makes defending your company much more expensive.
Ransomeware
Ransomware is where a malicious program is introduced into computers and networks. It encrypts the data. The perpetrators demand money in return for a key to decrypt your data.
Theft of services and goods.
Access to your systems could allow hackers to steal goods, services and money.
Prevention
Operating Sytems and software
Running older operating systems and software introduces vulnerabilities.
- Get rid of 32 bit versions of Windows. There are architectural differences in 32 bit versions of Windows that make that OS much more vulnerable to attacks. Switch to 64 bit versions. Most offices should have made this switch a while back.
- Get rid of XP, Windows 7 and Windows server versions prior to 2012. Unbelievably, there are organizations still running these end of life systems. The systems become more vulnerable every day. Get them off your network LAST MONTH.!! Believe it or not, there are still XP systems in production in 2020.
- Ensure all systems are patched. Operating systems and applications should constantly be patched. Zero day exploits mean that you are at risk until you apply the patch.
Backup your data
Many businesses don’t have a good backup plan. Among those who have thought it out, many don’t test their backup strategy on a regular basis.
- Have redundant backup systems including offsite backups. Attacks such as Cryptolocker could bankrupt a business overnight. Backups need to be redundant. They need to include offsite backups such as Carbonite and they need to be tested.
Network and workstation scanning and protection tools
There are many tools available that will help you analyze the security of your network and computers. Some of these include:
- Microsoft Baseline Security Analyzer – This is an easy to use, basic tool that will quickly analyze your servers and clients and highlight areas of weak security. You can download the tool from Microsoft.
- Corporate Antivirus – All machines need to be running a corporate antivirus such as Symantec Endpoint Protection. The protections system should be set up to provide email alerts to the system administrator. System reports should be reviewed daily if possible.
- Spiceworks – I’ve found Spiceworks to be a great tool that allows me to keep my finger on the pulse of the network. You can get reports on new devices, licensing issues and more.
- Protect your RDP against brute force attacks – In many cases, remote access to the server and clients is required. However, RDP is susceptible to brute force password attacks. I could not get policies set that would lock users out after a certain number of failed attempts I found a product called RDP Guard that is a low cost and effective tool to protect your RDP access from brute force attacks.
- Check the logs regularly – The Windows System and Security logs will provide some indication of problems. If you have RDP guard or a similar system in place, you should see no more than 3 failed login attempts from any single IP depending on how you configured the tools.
- Check devices such as routers and switches for default passwords – I visited a client that is only doing ‘break-fix’ at this point and no proactive measures. They just had their Comcast router replaced (The Comcast tech switched the router out without copying the port forwarding, wifi and other configurations). The tech also set the router password to the default password that Comcast uses for it’s customer’s business routers. Anyone with access to an Ethernet port and a laptop could easily access the router. Of course, I changed that. Also look for things such as wireless access points
- Do an IP scan to see if there are any devices that shouldn’t be there. Tools such as Advanced IP Scanner will show a list of all devices on your network. This will help identify situations where an employee has connected an unauthorized device such as a laptop.
- Run a packet sniffer periodically. Tools such as Wireshark or Capsa are helpful in checking your inbound and outbound traffic. If you see a lot of traffic between your system and an external IP, you can resolve that IP to see if the traffic is legitimate.
Policies – Computer and procedural
An overall security plan requires policies to control access. There are policies which can be implemented via the systems and there are other policies that should be spelled out in documents such as company handbooks.
- Active Directory and Global Policy Objects – I often run into networks where employees have access to information they should not have. For example, the lowest level employees had access to folders where board meeting and personnel information was stored. User rights should be reviewed regularly to ensure that there are no users with more permissions than they need
- Least Rights – All users should operate with the lowest level of rights that will still allow them to perform their duties.
- DON”T LET USERS WRITE THEIR PASSWORDS ON STICKY NOTES – This is a pet peeve. I don’t know how many times I’ve sat at a user’s workstation (Or even a server!!) and found a sticky note with all of the Id’s and Passwords. ARRRRGGGGHHH.. I can’t say any more and still stay within the professional decorum of this blog.
- Establish strict usage rules – Do not allow employees to install software and limit non work use of email and the internet.
- Policies regarding computer use – If your employees are working remotely, there should be clear policies regarding computer use covering items such as:
- Storage of company computers
- Connections to other devices in the home
- Prohibitions regarding public wifi
- Policies regarding protecting the monitor and conversations from eavesdropping.
- Spell out the allowable uses of company machines, emails and internet browsing.
- Specify that all uses of company computers, internet and email can be monitored.
Physical Access
Physical access is an important component in securing your organization. With the trend toward remote work due to Covid-19 restrictions, the concept of physical access becomes more complicated.
Physical access to servers. – In many small business environments, the physical location of the server is an afterthought. It only takes someone a few minutes to compromise a system if they have physical access to the server.