Small and mid-sized businesses are always doing more with less, and we’re about to add one more big priority to your plate: improving network security. Think your network is already secure? So did the folks at MGM Grand and Caesars Palace. But hackers recently managed to breach their networks. The breach brought all the fun to a halt at MGM and may have led to customer credit cards being stolen. Caesars’ systems, on the other hand, were held for a $30 million ransom.
You may be thinking, those casinos are part of multibillion-dollar corporations that have massive amounts of valuable data. Why would hackers go through all that trouble to meddle with my business? Because they think you are easier prey. And if a breach can happen to even the largest of companies, where cybersecurity is already high on the list of priorities, then imagine what hackers are capable of doing to a smaller company that doesn’t have the proper security measures in place. Many hackers would prefer to go for smaller companies with less sophisticated business network security.
While MGM and Caesars can bear the burden of such an attack, the costs, lost business, and reputational damage may cause a small business to go under. That’s why we’re putting improved network security for your business at the top of your long to-do list.
We know it’s a lot to manage. We’ve put together these tips to help you take action.
1. Start Securing Your Network With the Basics
Let’s start with some immediate steps you can take to improve network security. You can get these done pretty quickly, and without breaking the bank.
Require Multi-Factor Authentication (MFA)
MFA requires users to take additional steps to prove who they are before logging into an application or the network. It’s a standard practice for most banks, so you may be familiar with it already if you use online banking. This is one of the fastest and most meaningful steps you can take to add a layer of security to your network. At a minimum, we recommend you use MFA for email, although it’s useful for all of your business applications.
Improve Password Management
Ideally, your employees should use a unique password for every application. But let’s be real. It’s highly unlikely. Passwords are hard to remember, especially when you have to throw in special characters and numbers. You can ensure employees use secure passwords and make things easier for them with password management tools like LastPass or Dashlane.
Even better, you can use an identity and access management (IAM) tool that allows for single sign-on. IAM platforms work like a portal that allows employees to access all the applications they use with a single username and password. The IAM handles password security behind the scenes so no one has to keep up with a bunch of complicated credentials.
2. Train Your Employees
Securing your network is a team effort. As advanced as network security technology gets, people will always be vulnerable to mistakes and trickery. Hackers know that, and they’re exploiting it. Phishing is particularly scary. It was responsible for 54% of ransomware attacks in 2020. Twenty-seven percent of attacks were due to poor user practices.
That’s why it’s so important to train employees on the role they play in preventing breaches. They want to do the right thing, but they need guidance. Here’s what to cover in your training:
- How to recognize suspicious emails, texts, links, and websites
- How to access the network securely, regardless of where they work: from home, in the office, or at a coffee shop in Costa Rica
- How to physically secure devices like laptops and cell phones, especially when they’re outside the office
- How to safely transfer data between devices
- How to respond if they think they’ve been the victim of an attack
Make network security training part of your onboarding process, and then host refresher sessions on a monthly basis.
3. Stay Updated on the Latest Attacks
Since cybercriminals are always one step ahead, you should be too. The types of attacks and tactics are always evolving, and they come from all angles. Here are some resources that provide the latest insights on network security for business:
- The Small Business Association has a ton of resources, including toolkits and weekly training sessions.
- The Cybersecurity and Infrastructure Security Agency (CISA) is a federal agency made up of big-time cybersecurity nerds. They maintain a ton of free resources, including a site dedicated to stopping ransomware and a tracker that shows all known software vulnerabilities, along with the actions you should take to address them.
- The National Cybersecurity Alliance is a nonprofit dedicated to ensuring everyone stays safe online. They offer a training program targeted to SMBs as well as guides that help you improve network security.
4. Treat Every Device Like It's Suspicious
Now that remote and hybrid work are the norm, old-school methods for business network security won’t work. And VPNs, for all their benefits, have become old-school. The problem with VPNs is that they're like having a tall fence with no other security measures:
- They provide broad network access. Once someone is authenticated, they can run amok in your applications and infrastructure.
- They don’t monitor the health of connected devices, so a hacked cell phone can get through and compromise the entire network.
- They were initially made to provide access to small teams within an organization. Because they don’t always scale well, it’s common to have to add more services on top of the VPN to make it work.
The alternative to VPN is zero trust. With zero trust network access, you can avoid all those issues and improve network security.
- Every network connection is treated as a potential threat until proven otherwise.
- Users must be authenticated every time they want to access network resources. Both their identity and the state of their device must be verified.
- User access is based on the principle of least privilege — they can only access the applications and resources they need to do their work.
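To make the difference concrete, here is an added example (not code from any product or from Ripple) that runs the same three requests through a VPN-style check and a zero trust check. The users, apps, and device fields are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Tuple

# Constructed sample policy: each user is entitled only to the apps they need.
ENTITLEMENTS = {"alice": {"email", "accounting"}, "bob": {"email"}}

@dataclass
class Request:
    user: str
    identity_verified: bool   # e.g. password plus MFA succeeded
    device_managed: bool      # device is enrolled with the company
    device_patched: bool      # OS and security updates are current
    app: str

def vpn_style(req: Request) -> bool:
    """Perimeter model: one successful login opens every application."""
    return req.identity_verified

def zero_trust(req: Request) -> Tuple[bool, str]:
    """Evaluated on every request; anything not explicitly allowed is denied."""
    if not req.identity_verified:
        return False, "identity not verified"
    if not (req.device_managed and req.device_patched):
        return False, "device failed health check"
    if req.app not in ENTITLEMENTS.get(req.user, set()):
        return False, "app not needed for this user's work"
    return True, "allowed"

# Constructed requests: the perimeter model admits all three.
REQUESTS = [
    Request("alice", True, True, True, "accounting"),
    Request("alice", True, True, False, "email"),      # unpatched phone
    Request("bob", True, True, True, "accounting"),    # outside his role
]

if __name__ == "__main__":
    for r in REQUESTS:
        print(r.user, r.app, "vpn:", vpn_style(r), "zero trust:", zero_trust(r))
```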
5. Back Up Your Data at Least Weekly
Since ransomware has become such a major threat, it’s really important to regularly back up your business data. If someone tries to hold your network for ransom, you can restore it from the backup and tell them to kick rocks.
You should be backing up your data at least weekly. For highly sensitive data that would bring your business to a halt if it was lost? Back up more often — daily or even hourly. To add another layer of protection, store backups onsite and in the cloud. That way, if something happens to one of your backups, you have another to fall back on.
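A backup schedule only helps if someone checks that it is being met. The added example below (not part of the original article) audits a backup log against the rules above: weekly at most for standard data, an assumed 24-hour limit for critical data, and a successful copy both onsite and in the cloud. Dataset names and log entries are constructed.

```python
from datetime import datetime, timedelta

# Policy from the text; the 24-hour limit for critical data is an assumption.
MAX_AGE = {"standard": timedelta(days=7), "critical": timedelta(days=1)}
REQUIRED_LOCATIONS = {"onsite", "cloud"}

def audit_backups(datasets, backups, now):
    """Return {dataset: [problems]} for every dataset that violates policy."""
    findings = {}
    for name, tier in datasets.items():
        newest = {}  # location -> time of newest successful backup
        for b in backups:
            if b["dataset"] == name and b["ok"]:
                loc = b["location"]
                if loc not in newest or b["finished"] > newest[loc]:
                    newest[loc] = b["finished"]
        problems = []
        for loc in sorted(REQUIRED_LOCATIONS):
            if loc not in newest:
                problems.append(f"no successful {loc} backup")
                continue
            age_h = int((now - newest[loc]).total_seconds() // 3600)
            limit_h = int(MAX_AGE[tier].total_seconds() // 3600)
            if age_h > limit_h:
                problems.append(f"{loc} backup too old ({age_h}h > {limit_h}h)")
        if problems:
            findings[name] = problems
    return findings

# Constructed sample inventory and backup log.
NOW = datetime(2024, 1, 15, 9, 0)
DATASETS = {"file-share": "standard", "pos-database": "critical"}
BACKUPS = [
    {"dataset": "file-share", "location": "onsite",
     "finished": datetime(2024, 1, 13, 9, 0), "ok": True},
    {"dataset": "file-share", "location": "cloud",
     "finished": datetime(2024, 1, 5, 9, 0), "ok": True},
    {"dataset": "pos-database", "location": "onsite",
     "finished": datetime(2024, 1, 15, 3, 0), "ok": True},
    {"dataset": "pos-database", "location": "cloud",
     "finished": datetime(2024, 1, 15, 2, 0), "ok": False},  # job failed
]

if __name__ == "__main__":
    for dataset, problems in audit_backups(DATASETS, BACKUPS, NOW).items():
        print(dataset, "->", "; ".join(problems))
```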
Secure Your Network to Secure Your Business
We don’t want to be all doom and gloom. But if you fall prey to hackers, then there will be a lot of, well, doom and gloom. Taking these steps is necessary to keep them at bay. If they penetrate your network, a single attack can lead to days of lost revenue and damage to your reputation. For SMBs, either of these can do serious harm to the business.
If it sounds overwhelming, we get it. And we can help. Ripple works with SMBs to make cybersecurity less of a hassle by creating strategies to keep your data safe and monitoring for threats in real time. We also can train your employees on how to improve network security.
We want to hear about your cybersecurity concerns. Book a 30-minute strategy session and we’ll offer up some solutions. It’s not a sales pitch — we promise. We’re here to help you secure your network so you can focus on your business.
Network Security FAQs
How can we improve network security?
There are several steps you can take to improve network security. Consider the following:
- Require strong passwords and multi-factor authentication, which can be done with identity and access management software.
- Train employees on cybersecurity awareness and what they can do to prevent attacks.
- Move away from VPNs and start using zero-trust tools to secure your network.
- Stay up to date on the latest threats and security measures.
- Regularly back up networks and infrastructure to quickly recover from an attack.
What is the first step in improving network security?
The first thing you can do to improve network security is to require multi-factor authentication (MFA) for users to access your network or applications. We recommend you use MFA across the board, but you can start with email. This is something you can do right away.
Why should we improve network security?
If your network isn’t secure, you’re vulnerable to attacks that could lead to the end of your business. A data breach can cause you to shut down your business until it’s fixed, or hackers may take control of your networks for ransom. If customer data is exposed in the breach, it can do lasting damage to your reputation. For a small business, any one of these issues may be impossible to recover from. Taking a proactive approach to network security helps to keep your business running.
Ripple's IT Team