5 Simple Ways to Secure Your Network For Little to No Cost
Every business owner agrees that having a secure network should be one of their top priorities. Yet many fall short of adequately addressing their cybersecurity weaknesses because they feel they don’t have the time or money to properly do so. While organizations such as NIST and CIS are helping the cause by publishing and promoting comprehensive standards for cybersecurity practices that any company can follow, sorting through these dense security controls may still be a tall order for busy business leaders. So, here, we’ve done the leg work for you by highlighting a few of the most critical actions you can take to help secure your network without breaking the bank.
Develop an asset inventory
Our first step to reducing cybersecurity vulnerabilities is identifying precisely what hardware is connecting to your network. If you have robust security software installed on all the desktop computers in your office, but employees are accessing your network through their mobile phones, then what good will that software do you? Therefore, to better understand the full scope of your exposure, you should inventory every single asset that is allowed to access your systems. To do so, start by creating an asset inventory list that catalogs the following information:
- Serial #
- Physical Location
- OS/Firmware Version
- IP Address
- MAC Address
- Business Purpose
Assess what is installed on your devices
Similarly, taking stock of what software is installed on these devices is equally imperative. If an employee has downloaded pirated software on their laptop to save a few dollars, this could cause you legal problems or contain malware that will infect your systems. Popular mobile apps are also notorious for sometimes having excessive permissions hidden in their fine print. These are just a few reasons why it’s crucial that you limit what is allowed to be installed on any device that has access to your data. If you are already working with an MSP, they can help with this by using a Remote Monitoring and Management Tool (RMM) to generate asset reports and manage permissions remotely. But if you’re on your own, you should immediately investigate device-by-device all the programs installed on your systems and ask users to justify their need for them. Finally, to help create some clarity going forward, decide on a list of approved vendors that employees can select from when choosing software or applications to use.
Control administrative privileges
Another way to control what is being installed on your network is to restrict local administrative rights. If your employees have the requisite privileges, there’s always a chance they may install questionable software on your network either by accident or on purpose. By restricting access, you not only remove this possibility, but you also shrink the territory cyber-criminals can exploit if they gain access to one of your employees’ systems. Unfortunately, many companies hesitate to take this step because restricting access to your employees can make operations slightly more cumbersome. If this is an area of concern, Privileged Access Management (PAM) tools such as AutoElevate can help restore some level of convenience by giving you a centrally controlled program to monitor and authorize installations.
Keep software up-to-date
Those pesky notifications asking you to update your software aren’t just there to bother you. They often contain relevant security updates that either retroactively fix newly discovered vulnerabilities or proactively ward off emerging threats. An easy fix, keeping your software up-to-date is usually as simple as turning on automatic updates. A key component here is to make sure the software installed on hardware such as printers, scanners, and other network devices is also being constantly updated since these are often overlooked entry points for hackers.
Enable Multi-Factor Authentication
Finally, being intimately familiar with Multi-Factor Authentication (MFA) is an absolutely crucial step to secure your network. Multi-factor Authentication (a.k.a. Two-Step Authentication) helps deter unauthorized access by requiring another “factor” after entering your username and password. These most common ones are:
- Something you know – a pin or password
- Something you have – a USB key or your phone
- Something you are – a fingerprint or facial recognition
Although simple and effective, according to a study by Arete, 94% of ransomware victims they investigated did not have MFA enabled. This, despite data from Microsoft showing that MFA can block 99.9% of account attacks. Major companies such as Google and Microsoft offer MFA for free, and you can simply activate this feature on your own or call your vendor for assistance.
If you’re looking to dig deeper and discover more ways to secure your network or just have questions about how to best incorporate the methods mentioned above, don’t hesitate to contact me at firstname.lastname@example.org.