Businesses from a huge range of different industries and sectors are incredibly reliant on their IT network. Data about their business, products, employees and customers need to be effectively protected and securely maintained against cyber-attacks and other threats. That’s why it is absolutely vital that all businesses invest in sufficient IT network security, something that some small business managers might find daunting.
To explore this subject, we spoke to Jonathan Whitley of WatchGuard Technologies, asking him about the importance of keeping a business IT network secure. He provided us insights from the cutting edge of IT security as well as a few tips for those new to safely maintaining an IT infrastructure.
Find out what Jonathan had to say about securing a business's IT network here.
What would you say is the one essential tool, platform or process that all businesses need to keep their IT network secure?
We talk about visibility as the missing layer of information security, but really, it’s more like night vision goggles. It allows you to see into areas that were previously just a shadowy void. No matter how good your security may be, the threat landscape will continue to evolve. Since you can’t stop every attack, you need to have mechanisms that help you see, analyse, and respond to them before it’s too late.
In carrying out a network audit, what kind of things should be identified and assessed?
Having full visibility of network traffic is crucial; for example, being able to determine which ports are being used by what. WatchGuard recently added the ability for customers to store 30 days of data in the cloud by default, meaning that it is even easier and more cost-effective to have a historical and real-time snapshot of what is happening on your network. This process should also be combined with a means of seeing all the devices in your network.
How often should things like router information and anti-virus software be updated?
As often as needed! These types of updates are absolutely essential and should happen seamlessly in the background without the need for user intervention.
For small businesses where money may be an issue, are there any cheap – or even free – measures they can use to improve their security?
There are some readily available tools and user groups that will help give some guidance; a good place to start is www.secplicity.org. However, it is also important to caution against looking at price as the only determining factor. The cost of maintaining a difficult-to-manage solution, or worse still, having to pay for the aftermath of a malicious attack, would certainly be the most expensive option of all.
If a business allows remote working, what can be done to ensure that the transmission of sensitive data is as secure and protected as possible?
Remote working is a fact for most businesses today, so securing remote workers is now just a given. The first things to get right are to ensure that you have a good level of encryption on all traffic by using a secure VPN client that provides point-to-point encryption. Equally important is to ensure that users are securely authenticated and, unfortunately, strong passwords are just not enough.
Having a strong Multi-Factor Authentication solution will ensure malicious users cannot be compromised even if a password has been cracked. Finally, ensuring your corporate web policy follows users even when they are not on the network is important. For example, using DNSWatchGo you can ensure that your mobile staff are protected from phishing attacks, as well as enforcing your web usage policy.
What can businesses do to educate their employees on network security?
There are a number of simple things that need to be done:
Ensure all your users read and understand the Acceptable Use policy. It is important to ensure not just the ‘what’ they can and cannot do but also ‘why’. Make sure the IT team understands that there is no such thing as a stupid question; users should feel encouraged to raise questions as it may be the thing that avoids a spear phishing attack.
Good anti-phishing tools should not only prevent phishing attacks, but they should also provide an education notice to users, so that they are better equipped next time to be more cautious.
Lastly, is there value in creating a formal security strategy?
In a word, yes. For businesses, regulations like GDPR mean that this is really not an option, but mandatory. In any case, without a policy it is hard to define good practice or guide your users to work in a more secure way.
We’d like to thank Jonathan for contributing to the Expert Interview series. If you enjoyed this, be sure to check out the first guide in our series:
CDL are one of the UK’s leading IT disposal companies, working alongside big-name brands in all industry sectors. To find out how we could help your business, or more of the latest tech news and advice, visit our homepage or call our team today on 0333 060 2846.