7 tips to help secure your SMB’s network

SMBs are particularly vulnerable to cybercrime, often suffering devastating losses from lax network security. Why? Because small businesses tend to lack the resources and security expertise needed to plug up unsecured holes in a network. In a small office, security may be handled by an office administrator who knows just about enough to perform basic IT tasks. He or she often lacks the skills to identify and remedy weak security points. That's a problem because many SMBs will face the spectre of some kind of computer attack during the course of a year, and the downtime and loss of revenue from such attacks can do irreparable harm to a small business.

If you’re a business owner, it's your responsibility to ensure that your network and the data on it is protected. With that in mind, and to help your business stay on the right tracks, in this article I’m going to present you with seven handy tips for securing your SMB’s network.

Layered security is key

This is fundamental. Network security is not just about having an antivirus running on every desktop – it's all-inclusive. This means that any node on your network, wireless and wired, is protected. It also means that you have compliance rules that govern anything that is allowed to connect to your network. You must also have protective measures for data both at rest and in transit.

This means protecting not just data on servers and user machines, but data that goes in and out of your network, with security methods like encryption. Finally, you've got to keep control of mobile devices on your network, too. We'll expand on these ideas in the tips that follow, but it's important to understand the big picture: You've got to start thinking about protecting all the layers of your network.

Have a security policy

No matter the size of your company, best practice dictates that the best first step when it comes to SMB security is creating and documenting a security plan. Educate and familiarise employees with the plan. Keep it updated as you add and deploy new technology on the network. And most important of all, adhere to it.

UTMs help a great deal

Unified Threat Management devices can be a robust part of a layered security solution. UTMs are typically hardware devices containing firewall, content filtering, VPN, and intrusion detection technologies. Many SMB UTM devices are designed to be easily deployed without the need for dedicated IT support.

Secure endpoints

It's vitally important to cover your network endpoints. What's an endpoint? Any single thing that can attach to your network, whether it's a server or a USB stick. Pay particular attention to those small portable devices like USB and external hard drives. They can be carriers of threats, sneaking them into and out of your business network. For years, network security admins considered networks as closed, unified entities, and designed their defensive strategies accordingly. With the proliferation of portable devices, you've got to consider your network as an expandable, mobile one. That's why endpoint security is crucial. Patching endpoints, performing vulnerability assessments, remediation, and enforcing corporate compliance are all part of effective endpoint security.

Corporate compliance isn't the same as a security policy. A policy is your network's laws, whereas compliance refers to their enforcement. For example, enforcing compliance means preventing any PC or laptop from accessing the network if it doesn't have the security patch specified in your policy. For example, a product such as McAfee Endpoint Protection is focused on security in this area.

Don't forget user security

Security problems can originate from what's in between the keyboard and chair, namely end-users. Restricting what users can and cannot access (maybe using a web filter to prevent Facebook access during work hours, for example) can stop nasty bugs from entering your network. Don't run a free-for-all network; force users to authenticate into the network, whether it's a wired Windows Domain using Active Directory, an SQL Server or a wireless router. For organisations with highly sensitive data, there are third-party solutions like RSA SecurID which provides two-factor authentication for users to access network resources. Implementing authentication lets you keep tabs on who is accessing what, when they can access it, and it helps with keeping hackers out.

Don't set it and forget it

There are a number of routine network "housekeeping" tasks that should be part of your security strategy. Keeping all of your software updated is one. This not only includes Windows Updates and patches for servers and clients, but applications, firmware upgrades on routers and switches, and pertinent updates for smartphones on the network. Many of these updates contain security fixes and patches. Keep a handle on updates with a patch management solution like GFI LANGuard. Also, as users come into and leave your network, be sure to remove or disable (depending on your corporate policy) their access to the network and its resources.

No matter how effective you are in securing a network, you still have to contend with end-users, who often inadvertently make the biggest security breaches. Educate end users about security and policies. Give special attention to remote users who may frequently be on the road. Here’s a collection of tips you can give to users who may regularly connect to public Wi-Fi hotspots in order to keep their data, and your network, safe.