4 network security tips for the hybrid workplace
The best defense is a strong, proactive offense
If 2020 was the year of the pandemic, then 2021 could arguably be considered the year of the cyberattack. Gasoline suppliers, insurance companies, municipal water treatment plants, school districts, and even the New York Metropolitan Transportation Authority, have all been victims of data breaches or ransomware attacks this year.
While it’s mostly big businesses and high-profile hacks that make headlines, small to medium-sized businesses (SMBs) and organizations are also targets for bad actors — costing them downtime, data, business and revenue.
The best network defense is a strong, proactive security offense. Here are four tips for organizations looking to shore up their cybersecurity protocols and products:
1. Implement a mix of threat monitoring, firewalls and anti-virus solutions: Threat monitoring, firewalls and anti-virus solutions are all valuable cybersecurity measures, but they should be used in tandem with each other and alongside smart online hygiene practices, which are basic steps that network users should take to maintain the overall health and safety of the network and its data.
It’s important to select tools that frequently update to help protect against the newest threats, and cover every connected device on your network. Threat monitoring tools actively intervene to block malicious threats like malware, DDoS (distributed denial of service), ransomware, phishing and botnet infections. They also block employees and guests from accessing compromised websites and infected links.
Anti-virus tools detect and block malicious files, but many only block malware they recognize based on signatures that have been written into the AV software. Meanwhile, firewalls allow only authorized traffic or content using configured controls, like access denial to IP addresses known to deliver malware. Even if a malicious payload is delivered, firewalls can prevent it from communicating with control-and-command servers.
2. Manage devices and passwords for an extra layer of security:
Think about all of the connected devices on your business network. From company devices to employees’ personal phones and guest devices, each of them represents a potentially vulnerable endpoint, and each contains myriad pathways into your network through apps and systems. One weak password, bad password management, or a few errant keystrokes on a suspicious website can invite a breach.
Enact strong patch management policies or, even better, automate software updates. Not updating in a timely fashion can open you up to threats, as hackers become aware of loopholes and try to exploit them. Simultaneously, leverage a password management solution. Password management tools not only generate strong passwords, but store them for easy access. Be careful with external devices like flash drives. External devices can carry malware that’s loaded onto your device when connected. If they’re used with multiple devices on your network, infections can spread quickly.
3. Enact strong policies, practices: Embed a proactive security stance into your company’s DNA. By codifying certain elements of your cybersecurity approach through policy and process, you can ensure that cybersecurity remains an ongoing priority.
Select threat monitoring tools that frequently update to help protect against the newest threats and cover every connected device on your network. Simultaneously, operate a zero-trust environment, where no device or user, either inside or outside an organization, should be trusted inherently.
In addition, you can use virtual private networks when accessing sensitive applications remotely, as they allow employees to access company networks and systems through a secure connection.
All businesses should also back up and encrypt any personally identifiable information they collect, as well as any other potentially sensitive information, like company financials or intellectual property. Backups are not only a best practice – they can help with recovery in the event of a breach or ransomware attack.
4. Educate your users: When hackers succeed, it’s often because they targeted unsuspecting end users. In fact, well over half of the breaches that happen in the U.S. involve company insiders—either intentionally or accidentally.
Threats evolve over time, so make it a regular practice to formally train employees on online hygiene. If you don’t have anyone on staff, consider bringing in an outside trainer. Good online hygiene doesn’t just protect company information—it protects personal information, too.
It’s essential to not only mount defenses, but to also prepare a detailed plan outlining what to do if you do find yourself the victim of a cyberattack. Your plan should be detailed and clear in its prescribed steps for recovery. Include contingencies such as having to resume operations from an alternative location and how to respond if the breach occurs after hours or when response team members are away.
Designate cross-functional team members who should respond in the event of a breach, or have a cybersecurity consultant or contractor easily accessible to assist. For an in-house response team, ensure each member knows their roles and responsibilities in the event of a breach, and that they have the access and authority needed to carry out their responsibilities. Jobs would include identifying and isolating affected systems and devices, diagnosing how far an infection has spread, and more.
To help stay ready for what’s next, whether that might be costly malware, DDoS, ransomware, bots or a phishing attempt, organizations need to implement cybersecurity measures that include anti-virus programs, firewalls and network security solutions that proactively help protect all devices connected to your network.
Barry Bader is vice president for Comcast Business’ Greater Boston Region.