Is your network secure? Quite often, the answer to this question is “no” or “I’m not sure”. According to a recent study, in 93% of cases cybercriminals can breach an organisation’s network. Let that sink in. With cyber attacks on the rise and employees adopting remote or hybrid work, it’s increasingly difficult for businesses to keep all their bases covered. In this article, Chris Heywood, our Senior Network Engineer, shares his three top steps for securing your network and keeping modern threats out.
Know What’s on Your Network
The first step to securing your network is knowing who and what is on your network. Once you have visibility, you can then work to control or contain what’s on your network. After all, if you can’t see the threat, how can you protect yourself against it?
Technology like Aruba Central gives businesses this visibility using automation. That means network administrators don’t have to go in and actively run scans of the network at intervals to find out what’s on there. Automation tools like Aruba Central are collecting this information in real time, giving you a much clearer picture of the network with minimal effort.
Implement Network Segmentation
Once you’ve achieved network visibility, you need to put measures in place to control what’s on your network. The goal is to contain any threats that make it onto the network and limit the damage that can be done.
With segmentation, you put limitations in place so that certain devices can only access the part of the network they need to. For example, if a remote workers’ laptop becomes infected with a virus, it can only access a certain part of the network and can’t spread to cause greater damage. This can be the difference between a minor breach and an enterprise-wide disaster.
Dynamic segmentation involves defining the areas of the network a device has access to, depending on its type, role, location, and even the time of day. So, if you’ve got an IoT device like a fridge monitor for example, this can be put in a particular network segment and is unable to move beyond this limitation.
The great part about dynamic segmentation is that IT doesn’t have to manually set up every single IoT device that might be on your network. They’re assigned to a part of the network based on their characteristics. When you consider that cyber attackers can get in using the most mundane device such as a smart fridge, this security step is invaluable.
Protecting Sensitive Data Types
As well as defining specific rules for devices, it’s also important to consider the type and sensitivity of the data that’s moving through your network. For example, if your business is a bank or casino, anytime you’re dealing with financial data it needs to be encrypted every step of the way. From the moment it leaves your corporate control device to when it safely hits the cloud or server – no person should be able to view or interpret the data.
This goes back to dynamic segmentation. If you have a remote worker, sensitive traffic from the remote AP should be encrypted as it is tunneled back to on-premises controllers and processed on-site again. Putting this measure in place is a lot safer than sending data through the internet and hoping it will hit the server without anyone viewing or interpreting the data.
Educate Your Users
As well as putting smart technology in place to monitor and control traffic on your network, I always recommend educating your users. As businesses now embrace hybrid work arrangements that allow employees to contribute from anywhere and anytime, businesses need to invest in cyber awareness training to ensure employees remain vigilant to threats like phishing emails. A great defence includes your well trained staff, who follow security protocols and have access to the necessary support.
At Trident, we’re partnered with Aruba to protect businesses with leading-edge cyber security technology. If you’d like to assess whether your network has gaps or learn more about levelling-up your security, get in touch with our experts. We specialise in setting up network infrastructure and security, as well as delivering staff training so that you can tick all the necessary boxes.