Over the next several weeks, we are going to take an in-depth look at each of the 10 steps in the Small Business Administration’s simple guidelines for defending your business against cyber threats, to help you understand why each step is important to your business.

This week we’re exploring Step 2 of the Small Business Administration’s guidelines for defending your business against cyber threats.  

Small Business Cybersecurity: Secure Your Network

Your network is arguably one of the most important parts of your business. It’s your team’s highway to accessing the systems, applications, and services that make your business work. Unfortunately, it’s also a road map for cyber attackers looking to steal your customers, your vital business intelligence, and yes—your money.

As a small business owner, taking steps to secure your network can differ greatly in terms of scale and cost. A small shop has different needs than a consulting firm with offices in six states. But the failure of securing either of these networks can have equally devastating consequences to those businesses.

How do I protect my business network from cyber attacks?

For the smallest of small businesses, the first step in securing your network can be as simple as securing your WiFi connection. As a basic cybersecurity protection, any WiFi networks on your premises should be password protected and their network names hidden. That means configuring your wireless access points or routers so that they don’t broadcast their service set identifier (SSID) out to the public. That said, if your business provides courtesy WiFi as a service to your customers and visitors, you may need them to be public. And in this case, it’s critical to keep these networks physically separate from your business WiFi. The reality is that there’s no point hiding your “work” SSID if your public customer WiFi is plugged into the same consumer-grade router and shares the same logical network.

Now, let’s talk about the hardware you’re using. While consumer-grade WiFi hardware has come a long way, you have to be careful that you’re purchasing something that can handle multiple users, has more advanced security and network configurations, and can easily be patched, managed, and maintained. Think your network is too small to be at risk from cyber attacks? The FBI disagrees and you should probably check out their PSA about it right HERE. And somewhere in the range of 60% of small businesses reported cyber attacks in the past two years.

Can my employees use personal hotspots at work?

Well, no. It’s important in (larger) small business environments to discourage your employees from setting up ad hoc hotspots with their smartphones, or bringing in personal WiFi routers. These ad hoc, informal touchpoints to your network increase your exposure to cyber attack. These rogue networks can not only interfere with your business WiFi, but they can also be used to steal proprietary or sensitive data. Make sure you’re keeping an eye on unexpected SSIDs that are showing up in your place of business. Some might be innocent, but others might be hackers waiting for the chance to steal your passwords or your data.

What kind of security do I need as my network grows?

Growth is exciting! If your network needs to expand, then congratulations! For the largest small businesses, building your network might represent a significant investment in time, expertise, and physical hardware. We’re not going to delve into the nitty-gritty details of building a resilient and secure physical network, but we will offer some new cybersecurity guidelines that you should consider.

The best defense is a multilayered one. You can simplify your security configuration and management by combining Unified Endpoint Management (UEM) systems and Next Generation Firewalls (NGFW). Having a UEM means you can actively manage all the assets on your network. UEM doesn’t need to be a headache; with the right system you can easily manage and secure all the assets on your secure network as well as manage policies that monitor and control internet access, web-based email services, remote access software, removable storage devices, or legacy services such as FTP that are all touchpoints where your data can be stolen.

How much network activity should I monitor?

A watched pot, as they say, may never boil, but network logs that aren’t monitored are useless. Network log files represent the digital exhaust of your business’s day-to-day operations, an ongoing list of access information and application behavior that can clue you into possible threats. Log files showing access and application behavior are often the only signs that security personnel have to point them at possible compromises or data breaches. Have the storage available to maintain logs, and the tools necessary to farm them for indicators of compromise. There are solutions like Security Information and Event Management (SIEM) options that can help, but they can be costly and complex for small businesses to deploy. So think creatively. Look at solutions that can get the security you need without breaking the bank. LanScope Cat is one example, which aggregates logs and provides guidance when certain activities trigger alerts, but comes without the typical cost and effort required to implement larger solutions. Bottom line: Don’t skimp on security, but that doesn’t mean you have to break the bank.

What do I do in the event of a cyber attack?

First of all, have a plan. Know what you will do if and when you discover a possible compromise. All of your employees should know who to contact with security concerns and they should be empowered to keep security in mind in everything they do. Have an emergency response plan drafted and test it at least once a year to ensure the key players in your organization know what to do should a network compromise occur. Rapid response can be the difference between stopping an attack in its tracks or experiencing a full-fledged data breach.

That’s all for this month—check back in May when we talk about how small business can establish cybersecurity practices and protect sensitive information!