Companies often get serious about network security after they’ve experienced a major attack, assuming they’re still in operation. No doubt a harmful virus is a powerful inspiration for action, but it’s far better to avoid a disaster in the first place. A well-implemented network security system will go a long way towards blocking viruses and malware, and preventing hackers from taking over.
It’s an urgent matter, even for small-to-medium-sized businesses (SMEs). These organisations are likely to believe they won’t be targeted by cyber criminals. The negligent assumption is that their intellectual property is not valuable enough to make them worth hijacking. But a lot of malware attacks are indiscriminate. The powerful Mydoom virus, and its various iterations, affected one in three SMEs, but only one in six larger organisations. SMEs are more vulnerable because they don’t have stringent security measures in place.
It is not paranoid but realistic to assert that a lot of serious threats lie in wait for unprotected organisations. Cyber criminals are experts at finding vulnerabilities in software running on PCs or servers, and developing malicious code to take advantage. They direct attacks at a single company, especially to steal intellectual property (IP) from a rival, or they release viruses or worms onto the internet in mass, indiscriminate attacks.
“Complacency is no longer an option when it comes to cyber-crime”
Viruses and worms can be the vehicle for Trojan horses, which are malicious software programmes that capture personal information and data, or burrow into remote servers. Even more drastic is a Denial of Service (DoS) attack, which puts the target site out of action by flooding it with bogus traffic. It is a favourite strategy of cyber criminals, who threaten to bring the business down unless it pays a ransom. Meanwhile, the dangers of spam emails should not be underestimated. Spam is a vehicle for phishing attacks that steal personal information, such as credit card details.
The positive news is that a well-designed network security strategy will mitigate a lot of the risks. The first step is to carry out a risk assessment, involving every department, including sales, human resources, finance, procurement and logistics. The goal is to single out the greatest weaknesses to address. It’s best, especially for an SME, to phase in network security measures, making sure the complex process of integrating the technology is carried out effectively. A risk assessment helps to establish an order of priority.
The second step is to inform employees about the network security strategy. Cyber criminals are likely to target naïve employees who can easily be exploited, which means that educating them about the risks is critical. The policy will define protocols they should follow for IT resources, email, the internet and the cloud. Special attention should be paid to making passwords hard to guess. Hackers have developed tools that guess various combinations, or try common words from a dictionary.
Designing a secure network should not mean implementing a single technology to protect the organisation. The best defences are composed of multiple barriers. One bedrock will be a firewall that restricts inbound and outbound access to authorised traffic. Great care must be taken to configure the firewall correctly, as many organisations make mistakes and leave vulnerabilities. It’s a good idea to install personal firewalls on laptops, which present especially serious security issues.
Anti-virus software that scans emails is essential. It can be installed on each desktop or on a server to analyse every incoming message. Similarly, spam filtering can be attached to email servers to sort out false positives, which are legitimate messages that have been classified as spam, or false negatives, which are spam messages that have slipped through. Phishing attacks can have serious consequences when targeted at ill-informed employees.
Businesses that want to take their network security to the next level will consider installing intrusion detection systems (IDS) and intrusion prevention systems (IPS), which distinguish between legitimate traffic and attacks. Companies that feel particularly vulnerable will want Virtual Private Network (VPN) technology, which encrypts data sent between two parties. Again, prudence is required because weak links can be exploited when an individual’s computer is connected to the VPN, but left open to a hacker’s attack.
Increasingly, the concept of network telemetry is becoming important for companies. Telemetry describes the automated communication of data to receiving equipment. It allows companies to look more broadly at incoming data, not just from IDS/IPS and firewall logs, but also from internal networks, WANs, and remote offices. Popular sources of telemetry include NetFlow, packet capture, and endpoint forensics. In the future, more intelligent technologies, including machine learning algorithms, will allow companies to go beyond network security monitoring and actively search for threats.
There is one final issue that requires careful thought. Companies may decide they need to carefully monitor their employees’ use of computers and networks. It’s true there are serious consequences if a worker leaks confidential information, leading to loss of IP and legal actions. Some organisations will see close monitoring of their staff as critical, whereas others will believe that educating employees, combined with a lower level of monitoring, will be enough. There could be a balance to be struck between the security of the company and good relations with staff, who might resent feeling they are being spied on.
For the more paranoid, a wealth of technology is able to analyse every move that an employee makes. Windows allows ‘auditing’ so security can keep tabs on the sites that employees access, and software is able to analyse web cache files. Firewalls can be configured to report back if dodgy websites are accessed, and blocking programmes prevent access to certain URLs. There’s even software that searches every email sent and received for particular words. Keyloggers capture keystrokes and send them to a remote computer, and screen capture utilities monitor what employees read on their screens. If employers feel their staff are a security risk, there are plenty of ways to spy on them now.
For organisations that haven’t yet put much thought into developing a network security system, the main focus should be on formulating a strategy, then addressing the greatest vulnerabilities. Complacency is no longer an option when cyber criminals are constantly developing new and more devious strategies.