In 2020, 46% of businesses and 26% of charities suffered some form of cyberattack or data breach, and 32% of businesses experienced some kind of threat at least once a week.[1] Cyberthreats are constant, so any business, regardless of size, that does not prioritise security will end up being a statistic.

What is network security?

Essentially, network security is any security measure – either hardware or software – which protects your network from the threat of cyber criminals.

These threats come in many forms, including:

·  Viruses

·  Malware

·  Spyware

·  Ransomware

If any of these threats gains access to one device, it can spread to any other (or all) on the network, quickly infecting your entire business.

A perfect example of how this works is the WannaCry ransomware cryptoworm attack, which completely floored the NHS in 2017. It infected more than 300,000 devices worldwide, across more than 150 countries, and ended up costing the UK in excess of £92 million. The ransomware targeted a vulnerability in Microsoft Windows 7 and infected machines which had not been patched against it.

If there had been a robust Network Security Plan in place, this may never have happened.

What should a Network Security Plan include?

Every business, no matter how small, should have a Network Security Plan in place which outlines security measures and processes and how these should be implemented across the company.

The key features of a robust Network Security Plan should include:

·   System Patching

These are automatic updates provided by the manufacturer of software and operating systems. These patches are mini-fixes for a variety of bugs, vulnerabilities and performance issues which have been noted after the release of the software or OS.

Including a Patch Management Policy in your Network Security Plan ensures that your networked (and non-networked) machines are up to date. This protects your data and your clients’ data, and greatly reduces the threat from cyber criminals.

Microsoft reports as many as 6,000 patches per year, but not all will be relevant to the machines within your business. You can either run the patches automatically, or you can run patch testing first to ensure a patch doesn’t ‘break’ another part of the network.

·   Firewall

A firewall is either hardware or software, depending on the size of the business, and acts as a breaker, monitoring traffic into and out of the system.

Using a set of pre-determined criteria, it will block sites or downloads which appear to be malicious. Firewalls can also be set up to block certain categories of site, such as social media or retail sites.

Many operating systems have a built-in firewall, but it is always worth looking into a more robust option or customising the settings to suit your business requirements.

·   Anti-virus/ransomware/malware software

In addition to a firewall, it is essential to have the most up-to-date anti-virus, anti-malware and anti-ransomware software. These will prevent such applications being installed on your machine and will also run regular scans to ensure the network is free of malware and viruses.

As with any security software, it is important to run the updates (patches); otherwise vulnerabilities will open up, making it easier to breach the network.

·   Access control

It almost goes without saying that not all staff within your organisation should have access to everything. Therefore, having a strict Access Control Policy will mean staff will only have access to the things they need to do their job.

From a security perspective, this means that if a machine is infected with ransomware, the ransomware will only have access to the things which that particular user has access to. Although this can still be damaging, it may prevent the entire network being infiltrated.
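The containment argument above, as an added example (not part of the original article): a small access review that lists which shared folders a compromised account could modify under a flat permission set versus a role-scoped one, following nested group membership. All user, group and share names are constructed for illustration.

```python
# Added illustration; all users, groups and shares below are constructed.

def expand_groups(user, direct, nested):
    """Return every group a user belongs to, following nested group membership."""
    seen, stack = set(), list(direct.get(user, ()))
    while stack:
        g = stack.pop()
        if g not in seen:
            seen.add(g)
            stack.extend(nested.get(g, ()))  # groups that g is itself a member of
    return seen

def writable_shares(user, direct, nested, acl):
    """Shares the user can modify, i.e. what ransomware running as them could encrypt."""
    groups = expand_groups(user, direct, nested)
    return {share for share, grants in acl.items()
            if any(perm == "write" and grp in groups for grp, perm in grants)}

def excess_access(user, direct, nested, acl, needed):
    """Writable shares beyond what the user's role requires."""
    return writable_shares(user, direct, nested, acl) - needed.get(user, set())

DIRECT = {"alice": ["finance"], "bob": ["reception"]}
NESTED = {"finance": ["staff"], "reception": ["staff"]}  # both nest into 'staff'
NEEDED = {"alice": {"accounts"}, "bob": {"visitor-log"}}  # what each job requires

# Weak setting: every share is writable by all staff.
FLAT_ACL = {s: [("staff", "write")]
            for s in ("accounts", "hr", "projects", "visitor-log")}

# Corrected setting: write access follows job role; wider access is read-only.
SCOPED_ACL = {
    "accounts": [("finance", "write")],
    "hr": [("hr-team", "write"), ("staff", "read")],
    "projects": [("staff", "read")],
    "visitor-log": [("reception", "write")],
}

if __name__ == "__main__":
    for name, acl in (("flat", FLAT_ACL), ("scoped", SCOPED_ACL)):
        for user in DIRECT:
            reach = sorted(writable_shares(user, DIRECT, NESTED, acl))
            extra = sorted(excess_access(user, DIRECT, NESTED, acl, NEEDED))
            print(f"{name:6} {user:5} can modify {reach}; beyond role: {extra}")
```

Any share listed as "beyond role" is one to remove from that user's groups during an access review.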

·   Email Security

Email is the number one entry point for malicious software, and despite regular campaigns about phishing emails, people still fall for them. Additional email security software can be installed to prevent such applications from being downloaded.

However, regular training and test emails to educate staff on phishing and its implications are incredibly valuable.

Implementing all of these measures across your business will immediately reduce cyber threats. However, this is an ongoing process, and it’s important to stay on top of security updates at all times.

What next?

If you feel your security measures may not be as robust as they could be, contact SupportWise today for some no-obligation advice.