We lock our house when we go out; we lock our car when we park it; but is our network locked and protected from the bad guys when we are not looking? What about when we are looking?
One of the most overlooked components of a SMB network is security. Most users are content as long as their network shares, email and internet are working. What happens when a security incident hinders access to these core services? Can you afford the downtime or the publicity of a data breach? A pro-active approach to security should be taken so these types of service disruptions or breaches are mitigated or avoided.
You have probably purchased a firewall, anti-virus software, e-mail filtering, implemented security policies on your network; but are they effective? Have these products been implemented correctly? Are updates being done? Is somebody monitoring these services to ensure they are working as effectively as they should? Should you add another layer of defense utilizing new technology? These are the types of questions you should ask yourself and be able to answer without hesitation and with confidence.
Are you now questioning the security of your network? If so the first step is to perform a security assessment of your network. A proper security assessment will touch on all aspects of your network including but not limited to:
- Server/Workstation policy
- User security policy
- Firewall policy
- Penetration tests
- Network design
- Remote access
- Physical security
- End user education
End users are always the weakest link in the security of your network. Phishing attacks, social engineering, and BYOD targeted attacks are just several of the ways your users can unknowingly compromise the security of your business network. What can be done to better educate users on the dangers and ramifications of their actions when it comes to the security of your business network?
Something as simple as providing basic data security training for all end users can go a long way into protecting both business and personal information.
When performing a security assessment there is a process that is followed to ensure all items are addressed and the best choices are made depending on your needs.1. Assess Risk
- Evaluate current security practices, policy and procedures in use.
2. ID Gaps
- Identify the gaps in any practices, policy and procedures identified in step 1.
- Implement changes to fill any Gaps in the practices, policy and procedures identified in step 2.
- Monitor the changes implemented in step 3.
- Make slight modifications to the changes that were remediated in step 3.
6. Re-start the cycle of Assessing possible Risks that still exist.
Securing your network is akin to getting the oil changed in your car. It is something that should be performed on a regular re-occurring basis. It should give you piece of mind that everything that can be done to protect sensitive and valuable company data is being done. Just as locking your door at night helps you sleep better, so too should performing a security assessment of your network.