11 Network Security Best Practices
Many small business owners and directors at nonprofits know they want their networks to be secure, but they don’t know the specific types of protection they should implement.
With the volume of cyber attacks against organizations of all sizes at a critical level, we have found that best practices around network security involve stacking several defensive layers on top of one another.
Since no single security layer is infallible, implementing multiple layers of security greatly reduces the risks of cyber attackers inflicting financial damage on a business — even if they manage to penetrate one of the layers.
The first and most important step any organization should take is to perform a security audit to find out which of the following core security layers (as we call them) are missing — or are not being properly addressed.
We’ve concluded the list with the layer that, when addressed, will have the most impact on improved security.
1. Firewall Management
A firewall is the first line of defense for your network as a whole. Think of a firewall as a perimeter wall around a city.
Additional firewalls can also be installed internally, preventing an intruder from moving side-to-side within a network.
For example, if there is a firewall between the marketing and engineering departments, a malicious payload on a marketing user’s computer won’t be able to get at the data files on an engineering computer.
Firewall management means making sure that firewalls are letting safe packets of information enter and leave the network — while dropping unsafe packets at the point of entry or exit.
2. Antivirus & Critical Patch Management
Antivirus management is an important part of protecting a business from threats that could result in financial loss.
A specific brand of antivirus software should be common to all devices within an organization. The software installation and updates should be centrally administered.
One of the most important network security best practices is to keep all operating systems, software applications, and hardware appliances patched with the latest security updates.
New and previously unknown software and hardware vulnerabilities are continually identified and logged in a national vulnerability database. Vendors, in turn, react to newly discovered vulnerabilities by developing and distributing patches.
In most cases, newly released patches should be applied as soon as they are available. Because the volume of needed patches is too much to manage manually, automated patch management software is recommended.
3. Password Policy Enforcement
There is no shortage of cybersecurity experts who have been sounding the alarm bells on password security.
The best practices for passwords are straightforward:
1. Use passwords that are long and complex enough to be virtually immune to cracking by brute force (trial and error)
2. Do not reuse the same password across different accounts
Left to their own devices, users often do not follow these best practices. For example, they will use passwords that can be cracked in minutes by a brute force attack.
Best practices need to become policy.
Within an organization, password policy can be enforced with a centrally-administered, company-owned password management solution. Such a password manager also generates a unique, long password for every user account.
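As an added illustration of the two rules above (not code from the original article), here is a small centrally-administered policy checker: it rejects short or low-entropy passwords, detects the same password being reused across accounts, and generates the kind of long random password a manager would assign. The thresholds (MIN_LENGTH, MIN_ENTROPY_BITS), the account names and the HMAC key handling are assumptions made for the example.

```python
import hashlib
import hmac
import math
import secrets
import string

# Policy thresholds are constructed for this example; tune them to your organization.
MIN_LENGTH = 14
MIN_ENTROPY_BITS = 60.0


def estimated_entropy_bits(password: str) -> float:
    """Rough brute-force resistance: length * log2(size of the character
    classes actually used). This bounds the search space a brute-force
    attack faces; dictionary words still need a separate blocklist."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def generate_password(length: int = 20) -> str:
    """What a password manager does for each account: a long, random,
    unique secret drawn from a CSPRNG (the secrets module)."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


class PasswordPolicy:
    """Centrally administered policy: rejects weak passwords and detects
    reuse across accounts. Reuse is detected by comparing keyed HMAC
    fingerprints, so no plaintext (or unkeyed hash) is ever stored."""

    def __init__(self) -> None:
        # Hypothetical: in production this key lives in an HSM or secrets store.
        self._key = secrets.token_bytes(32)
        self._fingerprints: dict[str, str] = {}  # fingerprint -> owning account

    def _fingerprint(self, password: str) -> str:
        return hmac.new(self._key, password.encode(), hashlib.sha256).hexdigest()

    def check(self, account: str, password: str) -> list[str]:
        """Return the list of policy violations (empty means compliant)."""
        problems: list[str] = []
        if len(password) < MIN_LENGTH:
            problems.append("too_short")
        if estimated_entropy_bits(password) < MIN_ENTROPY_BITS:
            problems.append("low_entropy")
        owner = self._fingerprints.get(self._fingerprint(password))
        if owner is not None and owner != account:
            problems.append("reused")
        return problems

    def register(self, account: str, password: str) -> list[str]:
        """Accept the password for the account only if it passes every check."""
        problems = self.check(account, password)
        if not problems:
            self._fingerprints[self._fingerprint(password)] = account
        return problems


if __name__ == "__main__":
    policy = PasswordPolicy()
    print(policy.register("alice@example.com", "password"))  # ['too_short', 'low_entropy']
    strong = generate_password()
    print(policy.register("alice@example.com", strong))      # []
    print(policy.register("bob@example.com", strong))        # ['reused']
```

The reuse check works because every account's password is fingerprinted with the same secret key; an attacker who steals the fingerprint table without the key learns nothing useful, which is why a keyed HMAC is used rather than a plain hash.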
4. Multi-Factor Authentication
Many, but not all, cloud vendors are now requiring Multi-Factor Authentication (MFA) for users to access their accounts.
Multi-Factor Authentication (MFA) is a form of authentication that requires more than one method of verifying a user’s identity.
Traditionally, a texted or emailed code has been the second factor of authentication. However, these two methods are not the most secure.
Vendors are gradually moving to more secure mobile device apps and to hardware keys as methods of authentication.
The best practice is not to wait for the vendors, but to start enforcing MFA across all user accounts now.
5. Advanced Endpoint Detection & Response
Advanced Endpoint Detection & Response (EDR) provides an organization with the ability to detect, stop and respond to threats early in their attack life cycle — effectively nipping the threat in the bud.
Artificial intelligence is used to detect user behavior that is outside of normal patterns, such as a user trying to access a specific server for the first time.
This could be indicative of a compromised endpoint — in this case, a user’s computer. It could also be a sign of an insider threat.
EDR contains this type of threat within the endpoint.
As the last step, the EDR software provides guidance as to how to remediate a specific threat.
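To make the detect, contain and remediate sequence concrete, here is an added example (not code from the article or from any EDR product) that learns which servers each user normally reaches from a baseline window, then flags the first time a user touches a server outside that baseline, attaches a containment step for the source endpoint and remediation guidance for the analyst. The log format, host names and log lines are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed access-log format (hypothetical; real EDR telemetry differs).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) action=(?P<action>\S+)$"
)

# Constructed baseline window: what "normal" looked like.
BASELINE_LOG = [
    "2024-03-01T09:00:01Z user=alice src=WS-ALICE dst=FILESRV01 action=smb_connect",
    "2024-03-01T09:05:12Z user=alice src=WS-ALICE dst=FILESRV02 action=smb_connect",
    "2024-03-01T09:07:45Z user=bob src=WS-BOB dst=FILESRV01 action=smb_connect",
]

# Constructed live window, including a malformed line that must be skipped.
LIVE_LOG = [
    "2024-03-02T08:58:03Z user=alice src=WS-ALICE dst=FILESRV01 action=smb_connect",
    "2024-03-02T23:14:09Z user=bob src=WS-BOB dst=HR-DB01 action=sql_login",
    "2024-03-02T23:14:30Z user=bob src=WS-BOB dst=HR-DB01 action=sql_login",
    "this line is garbage and will be skipped",
    "2024-03-02T23:20:00Z user=alice src=WS-ALICE dst=HR-DB01 action=sql_login",
]


def parse(line):
    """Return the event fields as a dict, or None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def build_baseline(lines):
    """Learn which destination hosts each user normally reaches."""
    baseline = defaultdict(set)
    for line in lines:
        ev = parse(line)
        if ev:
            baseline[ev["user"]].add(ev["dst"])
    return baseline


def detect_first_time_access(lines, baseline):
    """Emit one alert per (user, new destination) pair. Each alert carries
    the containment action an EDR would take (isolate the source endpoint)
    and remediation guidance for the analyst."""
    known = {user: set(hosts) for user, hosts in baseline.items()}
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        hosts = known.setdefault(ev["user"], set())
        if ev["dst"] in hosts:
            continue
        hosts.add(ev["dst"])  # alert once per new pair, not on every repeat
        alerts.append({
            "ts": ev["ts"],
            "user": ev["user"],
            "dst": ev["dst"],
            "containment": f"isolate {ev['src']} from the network",
            "remediation": (
                f"confirm with {ev['user']} whether the {ev['action']} to "
                f"{ev['dst']} was expected; if not, reset credentials and "
                f"reimage {ev['src']}"
            ),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_first_time_access(LIVE_LOG, build_baseline(BASELINE_LOG)):
        print(alert)
```

Running it yields two alerts, one for bob and one for alice reaching HR-DB01; bob's repeated login to the same server is not alerted a second time, which keeps the analyst queue from filling with duplicates. A real product also weighs time of day, data volume and process lineage, but the first-time-access signal is the core of the behaviour the section describes.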
6. DNS Advanced Security
When an employee types a URL into a browser address bar, DNS is the service that converts the domain (amazon.com) into an IP address (18.104.22.168) for a computer or mobile device to connect to. DNS exists because domain names are a lot easier for people to remember than strings of numbers.
However, a hacker who infiltrates a network can create a fake DNS record for a domain that a user routinely types into their browser. The purpose is to route an unsuspecting user to an alternate IP address, which is a malicious, imitation website.
The user may give up their username or password to this fake site. They may enter a credit card number. Or, they may download malware.
A DNS protection solution prevents this and other DNS-related events.
7. Email Security
While cloud email service providers like Microsoft and Google have built-in spam filtering and phishing detection, they may not trap or flag all suspicious emails.
An additional layer of email security complements this built-in protection.
For example, an email security layer can inform users via banner alerts any time they receive an email for the first time from a specific sender address.
Imposter emails are sometimes sent from a “lookalike” domain that is one character different from the real domain. While a user may not visually pick up on the difference, email security software will alert the user that this is a first-time email from the sender.
An email security system can quarantine certain suspicious emails rather than sending them directly to the spam folder, where they may never be seen. A quarantine report lets a user request that the sender be whitelisted.
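The two behaviours just described, a first-time-sender banner and a lookalike-domain warning, can be illustrated with the following added example (not code from the article or from any email security product). It normalizes common character substitutions, measures edit distance against a list of trusted domains, and returns a verdict of deliver, deliver with banner, or quarantine. The trusted domains, sender addresses and the confusable-character list are assumptions made for the example.

```python
# Constructed list of trusted domains for this example.
TRUSTED_DOMAINS = {"example.com", "partner-bank.example"}

# Common visual substitutions in lookalike domains (assumed, not exhaustive).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(domain: str) -> str:
    """Collapse visually confusable sequences so 'exarnple' and 'examp1e'
    both compare as 'example'."""
    d = domain.lower()
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1):
    """Return the trusted domain this one imitates, or None if it is either
    exactly trusted or not close to any trusted domain."""
    if domain in trusted:
        return None
    norm = normalize(domain)
    for t in trusted:
        if edit_distance(norm, normalize(t)) <= max_distance:
            return t
    return None


class SenderFilter:
    """Tracks which sender addresses a mailbox has seen before and decides
    how an inbound message should be handled."""

    def __init__(self) -> None:
        self._seen: set[str] = set()

    def classify(self, from_addr: str):
        addr = from_addr.strip().lower()
        domain = addr.rsplit("@", 1)[-1]
        banners = []
        target = lookalike_of(domain)
        if target:
            banners.append(f"CAUTION: sender domain '{domain}' looks like trusted domain '{target}'")
        if addr not in self._seen:
            self._seen.add(addr)
            banners.append(f"This is the first email you have received from {addr}")
        if target:
            verdict = "quarantine"
        elif banners:
            verdict = "deliver_with_banner"
        else:
            verdict = "deliver"
        return verdict, banners


if __name__ == "__main__":
    f = SenderFilter()
    for sender in ["ceo@examp1e.com", "alice@example.com", "alice@example.com", "news@unrelated.example"]:
        print(sender, f.classify(sender))
```

A one-character edit distance catches the "one character different" domains the section mentions; the normalization step additionally catches substitutions that are two edits apart textually but one glyph apart visually, such as "rn" for "m". Quarantining rather than silently filing to spam is what lets the user see the message in a quarantine report and request release if it was legitimate.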
8. Backup Services
The importance of data backup — and easy recovery — cannot be overstated.
In a worst-case scenario, when important business data files are encrypted (locked) by a ransomware attack, those files can be restored from a backup — often with just a few mouse clicks.
The associated best practice is to identify computers and drives that contain the business’s most important files and prioritize those for backup.
Just as movies and series can be streamed into a home, data can be continuously streamed from network computers onto a backup appliance and out to cloud storage.
Backup and recovery software lets a user easily recover individual files that were accidentally deleted or maliciously locked. An organization’s IT service provider can restore an entire computer if needed.
9. Dark Web Monitoring
What if an employee’s username and password were stolen, but you don’t even know the theft happened?
If credentials are stolen, they may show up in an illicit marketplace on the dark web. Think of the dark web as an alternate — and mainly criminal — web universe that can only be entered using specific, but commonly available technologies.
What makes a single username & password pair valuable is precisely the password reuse problem mentioned in the password policy section above. If the same username & password pair is reused on multiple sites, a bad actor can buy a single set of credentials and then use an automated technique called “credential stuffing” to try this combination across a large number of different websites.
A dark web monitoring solution provides information as to whether any of your domain usernames are in a dark web marketplace. If a user’s credentials are spotted, immediate action, such as changing account passwords, can be taken.
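Here is an added example (not code from the article or from any monitoring vendor) of the two defensive actions a dark web monitoring service enables: triaging a feed of leaked accounts down to the ones belonging to your own domain, and checking a password against a leaked-hash corpus without revealing the password, using the five-character SHA-1 prefix range query pattern that Have I Been Pwned popularised. The feed contents, the domain and the passwords are constructed for the example; in production the corpus lives behind a real API rather than an in-memory class.

```python
import hashlib

OUR_DOMAIN = "example.com"  # constructed


def sha1_hex(text: str) -> str:
    return hashlib.sha1(text.encode()).hexdigest().upper()


# Constructed monitoring feed: (leaked email, SHA-1 of the leaked password).
LEAKED_FEED = [
    ("alice@example.com", sha1_hex("Winter2023!")),
    ("someone@other.example", sha1_hex("hunter2")),
    ("bob@example.com", sha1_hex("Summer2022")),
]


class LeakedHashRangeService:
    """Stands in for a breach-corpus API. The client sends only the first
    five hex characters of a SHA-1; the service returns every matching
    suffix, so it never learns which password was being checked
    (the k-anonymity range query pattern used by Have I Been Pwned)."""

    def __init__(self, hashes) -> None:
        self._hashes = set(hashes)

    def range(self, prefix: str) -> list[str]:
        if len(prefix) != 5:
            raise ValueError("prefix must be exactly 5 hex characters")
        return sorted(h[5:] for h in self._hashes if h.startswith(prefix))


def password_exposed(password: str, service: LeakedHashRangeService) -> bool:
    """True if the password's full hash appears in the corpus. The comparison
    of the suffix happens on our side; only the prefix leaves the process."""
    h = sha1_hex(password)
    return h[5:] in service.range(h[:5])


def triage_feed(feed, domain: str) -> dict[str, list[str]]:
    """Map each of *our* leaked accounts to the response steps to take.
    Accounts from other domains are ignored."""
    actions = {}
    for email, _leaked_hash in feed:
        email = email.lower()
        if email.endswith("@" + domain):
            actions[email] = [
                "force_password_reset",
                "revoke_active_sessions",
                "require_mfa",
                "review_login_history_for_credential_stuffing",
            ]
    return dict(sorted(actions.items()))


if __name__ == "__main__":
    service = LeakedHashRangeService(h for _, h in LEAKED_FEED)
    print(triage_feed(LEAKED_FEED, OUR_DOMAIN))
    # Use at password-change time: refuse a new password that is already leaked.
    print(password_exposed("Winter2023!", service))                    # True
    print(password_exposed("correct-horse-battery-staple-9Q", service))  # False
```

The password check belongs at login and password-change time, which is the one moment the organization legitimately holds the plaintext; combined with the triage list it closes the loop the section describes: a spotted credential leads directly to a reset, and the reset cannot reuse a password the marketplace already sells.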
10. A Cybersecurity Assessment
The goal of a cyber security assessment is to discover vulnerabilities and determine how to close security holes.
It begins with assigning relative financial values to different computers, servers, hardware devices, and software applications.
Next, the estimated cost of protecting each of these different assets needs to be compared to the value of each asset. In some cases, the investment would be well worth it. In other cases, the cost of protecting a particular asset cannot be justified.
Once priorities are established, a cyber protection plan can be formulated.
11. Security Awareness Training
You’ve likely heard this before, but it bears repeating — security awareness education and training for your employees and contractors is a critical part of network security.
Human error is the principal cause of 95% of security breaches.
If users are not continually reminded of and tested on different types of creative phishing and BEC (business email compromise) emails, then all the other security measures that you implement may be for naught.
With a BEC attack, someone imitates or “spoofs” the email account of a trusted individual such as a business owner or executive. The scammer may request a transfer of funds to a familiar-sounding account. Or, they may request copies of employee W-2 forms.
Social engineering — which is often in the form of an old-fashioned phone call — is another important area of staff education.
We live in a world where attackers have access to the most sophisticated tools ever created. Hackers are getting increasingly creative with their deceptive tactics.
When businesses and other organizations are able to implement all of the above-mentioned best practices, the chances of costly network security incidents are greatly decreased.