Posted on September 15, 2022.

There’s a common misconception that network security is only something that global corporations need to worry about.

However, the opposite is true. Small businesses are actually the most common target for cybercriminals, accounting for 43 percent of all data breaches in any given year. That’s according to a 2019 report by Verizon.

Part of the reason why hackers are so successful at breaching small business networks is the false sense of security that many businesses have. A separate report by BullGuard reveals that 32 percent of small and medium-sized businesses use only free solutions for network device security, while 23 percent use no security at all.

Unlike a global corporation, you don’t need to break the bank to secure your network resources. These nine network security best practices can help secure your network and protect your sensitive data.

Understanding your network infrastructure

The first step in hardening your network security is to understand all the devices that connect to your network.

This includes not only employee laptops and mobile devices but also any internet-of-things (IoT) network devices like smart speakers or connected thermostats. Any device or cloud service that connects to your network can be a potential entry point for hackers.

Let’s categorize network infrastructure into three broad categories:

  • Infrastructure devices – These include Wi-Fi, routers, switches, and firewalls. Their primary purpose is to provide network connectivity and routing.
  • Cloud services – These include cloud-based applications like email, file sharing and collaboration tools.
  • Endpoints – These are the devices that actually connect to your network, such as laptops, smartphones and IoT devices.

Office network security best practices

1. Regularly audit your network

The first step in securing your network is to understand all the devices that connect to it. Performing regular audits can help you identify any weaknesses in network posture or design, such as:

  • Unknown endpoints
  • Open ports
  • Unused or unnecessary applications
  • Gaps in antivirus and malware scanning

While these are great to do with your internal team, third-party vendor assessments can also uncover additional areas for hardening. Our IT audit service can review your security systems and controls to identify new ways to keep your network secure.

2. Secure your routers and switches

Routers and switches are often overlooked when it comes to network security, but they can be a weak spot in your network if left unsecured.

First, be sure to change the default password on your router as soon as you set it up, as attackers can easily find this information online. You should also consider disabling remote administration to prevent unauthorized personnel from accessing the router’s interface.

Finally, secure your routers and switches in a secure location like a locked room or closet, so that bad actors cannot tamper with them.

3. Implement a firewall

A firewall is a network security device that monitors and filters inbound and outbound network traffic. It can be hardware- or software-based, and it’s one of the most important tools you can use to secure your network.

In addition to your firewall, consider deploying intrusion detection and prevention (IDS/IPS) systems, security information and event management (SIEM) systems and data loss prevention (DLP) software.

4. Use a virtual private network (VPN)

A VPN creates an encrypted connection between your network and another network. This encrypts all data passing through the VPN, making it more difficult for hackers to intercept and read.

VPNs are especially important for employees who work remotely or connect to public Wi-Fi networks, as these are more vulnerable to attack than private networks.

Setting up a VPN can be easy, depending on the type of VPN you choose. Some can be installed and configured in minutes.

5. Use network access control (NAC)

A network access control solution can help restrict access to authorized users only. NAC solutions can inspect devices for compliance with security policies before allowing them onto the network.

This is an important step in hardening network security, as it can help prevent unauthorized devices from connecting to your network in the first place and it can also be used to enforce policies such as requiring all devices to have up-to-date antivirus software before being allowed on the network.

At an absolute minimum, corporate networks should use user-based authentication based on 802.1x port-security. In a large or mixed environment such as higher education, we often see an access enrollment system that can enforce device security, in addition to segmentation. 

In other environments, even at a small office or home office, Dynamic Pre-Shared Key (DPSK), can be just what the doctor ordered, because it allows individual users or devices to each use a different password to connect to Wi-Fi. This means changing the Wi-Fi password in the event of a lost device is easy, and only affects that one device.

6. Create a guest Wi-Fi network for employee personal devices

To the maximum extent possible, restrict access to the corporate network to only corporate devices. For example, if the employee has a company laptop or tablet and they are not expected to be using their cell phone for work, their personal cell phone belongs on guest Wi-Fi, not the corporate Wi-Fi.

7. Use up-to-date encryption

Always be sure you’re using the latest available encryption technology supported by your infrastructure that is compatible with your devices. WPA2 with AES should be the minimum in most environments. If WPA3 is available, use it, and disable older protocols if they aren’t required. Nobody should still allow WPA or any type of WEP as these are outdated and easily hacked. 

8. Use a cloud access security broker

Fourth, consider using a cloud access security broker (CASB) solution to protect your company data when it’s accessed from outside the network. CASB solutions can provide visibility and control over which apps employees are using, and can prevent unauthorized access to sensitive data.

CASB solutions can also help you comply with data privacy regulations such as GDPR and CCPA.

9. Build a security-first culture

Finally, it’s important to educate your employees about network security best practices. They should be aware of the importance of keeping their devices up-to-date, using strong passwords, and only connecting to trusted networks.

You should also have a process in place for reporting security incidents, so employees know what to do if they suspect their device has been compromised.

Network security best practices are important for keeping your data safe from cyber attacks. By following these best practices, you can help protect your network from hackers and keep your data safe.