
Paying heed to network security strategy

Risks faced by a company with multiple branches are complex. Security risk assessment helps SMBs stay ahead of evolving threats.
Last Updated 09 October 2016, 19:08 IST

The need for enterprise security becomes more evident with each attack; however, most businesses only recognise the importance of network security after a security breach, which is just too late. The news is full of reports outlining the short- and long-term impact of a security breach at a bank or other financial institution, although all businesses are vulnerable.
The following are key guidelines for enterprises to consider when implementing a network security strategy:

Perform a security risk assessment

It is important to your business to identify and analyse potential threats. Each business is exposed to different types of threats, which can be overwhelming at times. A risk assessment of relevant threats provides a clear understanding of which risks are applicable to the business, how often each is expected to occur, and the estimated loss. This information enables a business to assess which risks to address first, and what type of remedial measures to adopt. A business may choose to accept a few risks, where the annual loss expectancy is lower than the cost of remediation.

Why is it critical for a business to evaluate the specific risks? A small company that completely depends on the internet for business will want more robust network security than a company that uses the internet for less critical functions. The risks faced by a company that maintains multiple branch offices will be different from those of a company that does not have remote offices, or VPN access outside of the main office. Security risk assessment helps SMBs stay ahead of evolving threats and vulnerabilities.
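The accept-or-remediate decision described above can be worked through on a small risk register. This is an added example, not part of the original article: it computes annual loss expectancy as loss per event times events per year, and goes one step beyond the text by also counting the loss that remains after a control is deployed. All names and figures are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    sle: float           # estimated loss per occurrence
    aro: float           # expected occurrences per year today
    control_cost: float  # yearly cost of the proposed remediation
    aro_after: float     # expected occurrences per year with the control

    @property
    def ale(self) -> float:
        """Annual loss expectancy before any remediation."""
        return self.sle * self.aro

    @property
    def net_benefit(self) -> float:
        """Yearly loss avoided by the control, minus what the control costs."""
        residual_ale = self.sle * self.aro_after
        return self.ale - residual_ale - self.control_cost


def triage(risks):
    """Split a register into (remediate, accept).

    remediate is ordered so the risk with the largest net benefit comes
    first; accept holds risks where the control costs more than it saves.
    """
    remediate = sorted((r for r in risks if r.net_benefit > 0),
                       key=lambda r: r.net_benefit, reverse=True)
    accept = [r for r in risks if r.net_benefit <= 0]
    return remediate, accept


# Constructed sample register (hypothetical risks and amounts).
REGISTER = [
    Risk("Branch VPN credential theft", 80_000, 0.5, 12_000, 0.25),
    Risk("Malware from infected BYOD laptop", 25_000, 2.0, 15_000, 0.5),
    Risk("Guest Wi-Fi misuse of lobby display", 1_000, 1.0, 5_000, 0.25),
]

if __name__ == "__main__":
    fix, accept = triage(REGISTER)
    for r in fix:
        print(f"REMEDIATE {r.name}: ALE {r.ale:,.0f}, net benefit {r.net_benefit:,.0f}")
    for r in accept:
        print(f"ACCEPT    {r.name}: ALE {r.ale:,.0f} vs control cost {r.control_cost:,.0f}")
```

The lobby-display risk is accepted because its annual loss expectancy is far below the cost of the control, which is the case the article describes.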

Create a clear security policy

Irrespective of the size of the business, every organisation must have a clear security policy in place. A policy that defines the usage of IT resources by employees is an absolute necessity these days. To provide the foundation for a secure network, it is important to create awareness and undertake user education about the policy and its objective. Something as basic as defining and enforcing a corporate password policy will help in strengthening security. Users need to identify their role in the security process, from not opening suspicious attachments, to not disclosing passwords. Risk assessment also helps identify areas where security policies need to be implemented.

Design a secure network

When designing a secure network, you should not rely on a single device or product for administrative purposes. Make sure to explore the security capabilities of your firewall or router and confirm that software and servers are up to date. Employing application proxies for common applications and protocols is another way to ensure security by not revealing internal hosts to the internet. Also consider providing secure remote access with resilient authentication practices. It will benefit the business if the system uses up-to-date quarantine technologies to identify remote devices with inadequate virus patches or security. In addition, secure the wireless network to prevent unauthorised users from gaining access to network resources.

Know your operating system

Keep track of the operating systems running on the network. This will help in understanding what vulnerabilities exist in each operating system so that relevant precautionary measures can be taken. Additionally, put in place an aggressive method of patching the operating system frequently to reduce exposure to vulnerabilities. Over the past few years, there has been a substantial reduction in the time gap between the detection of vulnerabilities and the launch of attacks.

To tighten security, all servers must be toughened by eliminating redundant software and processes from the systems. For instance, the default installation of some operating systems will activate many types of programmes and services. If a particular programme or service is irrelevant to the business, the sensible decision is to eliminate it.

Personal firewalls

Most companies have implemented a ‘bring your own device’ (BYOD) policy for their employees. These devices are often used outside the office and connected to foreign networks, which can lead to security problems. If a user picks up a bug while connected to a foreign network and subsequently connects to the corporate local area network (LAN), the possibility of a network breach or infection is very high. Personal firewalls are necessary for devices that contain highly sensitive data. Using strong authentication or encryption is a smart way to reduce the risk of exposing company data.

Incident response plan

What will you do to address the aftermath of a security breach? The answer is to develop an organised method, an incident response plan, to detect, respond to and limit the impact of a security breach. Every business must have a plan in place to quickly respond in the event of an incident. For small businesses, it can be a consultant or an integrator. Users and system administrators must be well equipped to respond and follow incident response procedures. A delay in response can lead to corruption or loss of the evidence. The incident response plan should recognise and define the roles of each team member and specify the tools and technologies required to recover the breached data.

Security is absolutely worth investing in, and it is essential for any business in today’s technologically advanced, connected world. An effective network security strategy improves productivity, visibility, legislative compliance and control over access to valuable data that is critical to the business. Implementation of an efficient network security system guarantees that the right people have the right level of access to critical data.

(The author is Country Manager — Sales, Ixia Technologies, a provider of testing, visibility, and security solutions to strengthen applications across physical and virtual networks)

(Published 09 October 2016, 16:14 IST)
