How to Secure Your Small Business Network
Just because your business is small, doesn't mean that hackers won't target you. The
reality is that automated scanning techniques and botnets don't care whether your company is
big or small, they're only looking for holes in your network security to exploit.
Maintaining a secure small business or home network isn't easy, and even for an old hand
in IT, it still takes time and energy to keep things locked down. Here are 10 of the most critical
steps you can take to keep your data from ending up elsewhere, and none of them take much time
or effort to accomplish.
Get a Firewall
The first step for any attacker is to find network vulnerabilities by scanning for open
ports. Ports are the mechanisms by which your small business network opens up and connects
to the wider world of the Internet. A hacker sees an open port to as an irresistible invitation
for access and exploitation. A network firewall locks down ports that don't need to be open.
A properly configured firewall acts as the first line of defense on any network. The network
firewall sets the rules for which ports should be open and which ones should be closed. The
only ports that should be open are ports for services that you need to run.
Typically, most small business routers include some kind of firewall functionality, so
chances are if you have a router sitting behind your service provider or DSL/cable modem, you
likely have a firewall already. To check to see if you already have firewall capabilities at
the router level in your network, log into your router and see if there are any settings for
Firewall or Security. If you don't know how to log into your router on a Windows PC, find your
Network Connection information. The item identified as Default Gateway is likely the IP address
for your router.
There are many desktop firewall applications available today as well, but don't mistake
those for a substitute for firewall that sits at the primary entry point to your small business
network. You should have a firewall sitting right behind where your network connectivity comes
into your business to filter out bad traffic before it can reach any desktop or any other network assets.
Password Protect your Firewall
Great you've got a firewall, but it's never enough to simply drop it into your network
and turn it on. One of the most common mistakes in configuring network equipment is keeping
the default password.
It's a trivial matter in many cases for an attacker to identify
the brand and model number of a device on a network. It's equally trivial to simply use Google
to obtain the user manual to find the default username and password.
Take the time to make this easy fix. Log into your router/firewall, and you'll get the
option to set a password; typically, you'll find it under the Administration menu item.
Update Router Firmware
Outdated router or firewall firmware is another common issue. Small business network
equipment, just like applications and operating systems, needs to be updated for security and
bug fixes. The firmware that your small business router and/or firewall shipped with is likely
out-of-date within a year, so it's critical to make sure you update it.
Some router vendors have a simple dialogue box that lets you check for new firmware versions
from within the router's administration menu. For routers that don't have automated firmware
version checking, find the version number in your router admin screen, and then go to the vendor's
support site to see if you have the latest version.
Most router and firewalls include multiple settings that help to determine how visible
your router and/or firewall will be to the outside world. One of the simplest methods that
a hacker uses to find a network is by sending a ping request, which is just a network request
to see if something will respond. The idea being if a network device responds, there is something
there that the hacker can then explore further and potentially exploit. You can make it harder
for attackers by simply setting your network router or firewall so that it won't respond to
network pings. Typically, the option to block network pings can be found on the administration
menu for a firewall and/or router as a configuration option.