In a few decades, how we live, work, play, and learn has all changed. Without a network that allows data to be shared between people, modern business is almost impossible. Yet, with growing reports of phishing attacks, data theft, ransomware, and other threats, companies cannot afford to take network security lightly. The risks are far too high. The time for all businesses to increase their network security is now.
While every organization wants to deliver the services that customers and employees need, the more users, devices, and applications added to the network, the likelihood of a vulnerability being exploited and a security breach increase exponentially.
|Cybercriminals have found their sweet spot, small businesses, and you are in their crosshairs. According to the 2021 Verizon Data Breach Investigations Report, 58% of cyber attack victims were small businesses (organizations with fewer than 250 employees). Unfortunately, cyberattacks now cost on average $200,000, something small businesses don’t have to spend.|
Cybersecurity Ventures says cybercrime will cost the world $6 trillion this year (2021).
As I sat down to write this article, I thought about how businesses are not fighting a single, one-time battle but part of an ongoing cyberwar, one in which they are in an arms race.
This article was difficult to craft because writing a “definitive guide to secure a business network” is a “giant topic”, borrowing a phrase from one of my coworkers. Essentially, how do you write about a war that includes cybercriminals, cybergangs, and nation-state actors, which will continue for the unforeseeable future? How do you convey the seriousness of the issue and provide the content that you, the reader, expect?
Due to this and the giant nature of this topic, I rewrote the article several times and ended up with two different versions. The first version is “giant” and covers each of the five TCP IP layers, addressing security issues at each layer. We hope to release this later as a downloadable PDF article. The second version, this shorter blog post, focuses on the most common network and human assets that every organization needs to reinforce.
Secure the most common vulnerable resources
The ultimate question in this arms race becomes, what steps do you need to take to secure your business network without breaking the bank? Securing business networks against intruders can be a demanding, expensive, and time-consuming process. Many businesses default for a simple, minimal time and cost investment, placing them at heightened risk.
|As noted in a Better Business Bureau (BBB) report on the state of cybersecurity: “One important issue is the effective allocation of resources to cybersecurity (i.e., how well is the money spent). This question is even more critical for smaller businesses: they cannot afford to make mistakes when committing to such important and expensive investments and need to be as effective as possible in the allocation of resources.”|
Given costs, the best way to address the money and effort problem is to secure commonly exploited network and human vulnerabilities.
Protect your network assets
1) Your email gateway
Email is also the most common vulnerability exploited by cybercriminals.
|According to a study by PhishMe, 91% of successful cyber-attacks begin with spear-phishing emails.|
Your email gateways are your most essential firewalls and serve to block the IP addresses, domains, and content cybercriminals send in an attempt to penetrate your organization and steal sensitive data.
Common cyber attack vectors include spamming and phishing; however, a well-designed suite of blocklists, like Abusix Mail Intelligence, will block over 99% of the spam during the connection session, making DNSBLs the most critical place to start in keeping your email protected.
Domains used in cyber attacks often spoofed, for free, are simply domains unprotected by an SPF and DMARC record in DNS, which costs nothing to create. It’s not hard to imagine having your CEO spoofed in an email to employees because it happens daily.
Separately, domains purchased by cybercriminals that are random or appear like highly recognized domains/brands are used in standard and specialized zero-day email attacks. To protect against these types of domains, you need to filter known spam domains or newly observed domains found in inbound and outbound headers, message bodies, and email attachments. You also want to watch for message bodies and email attachments containing usually reputable SaaS short and online file storage URLs that appear on blocklists. They have often obfuscated links to phish sites, malware, and malicious files.
Every organization, every application, and employee is vulnerable. Even the two most well-known gateways, Google’s Workplace and Microso ft O365. While both are robust solutions, they have vulnerabilities and therefore may not protect your employees and business in all cases, given the constantly changing landscape.
In the end, always remember, that only by implementing multi-layered email security, multi-factor authentication, encryption, solid cybersecurity practices, and employee training will an organization reduce the email threats that cause Business Email Comprises (BEC).
2) Your web servers
The next most common network asset that cybercriminals exploit is an organization’s web server and web applications. Your organization needs to keep current on vulnerabilities that might occur on your web server and using web browsers. Cyber attack vectors for websites and applications often occur with installing insecure plug-ins into CMS applications like WordPress, Joomla, and others, which are by design secure until plug-ins tamper with their base code.
SQL injection is the most common attack vector for cybercriminals, according to ENISA (European Union Agency for Cyber Security). This type of attack is where a cybercriminal attempts to access the database(s) connected to your website or web application. These types of SQL attacks cause sensitive data (username and passwords, contact information, credit cards, etc.) to be altered, stolen, or destroyed. Another typical attack is cross-site scripting (XSS). In the case of XSS, code is injected into a website or application.
Cross-site request forgery (CSRF) is an attack vector, a malicious exploit where unauthorized commands are submitted from a user that the web application trusts. CSRF attacks allow criminals to make unwanted purchases on behalf of users, causing users to distrust an organization. Yet, another type of website attack, known as Pharming or DNS poisoning, occurs when a victim’s legitimate web traffic is rerouted without the web user’s knowledge. The rerouted traffic is presented with a spoofed page to steal sensitive or personal information without the user realizing it.
Web server configuration best practices include:
- On all sites, reduce using plugins to as few as possible, hard coding website features. Additionally, use only well-supported paid applications. Free means free, no support, no bug-free guarantees, no cost to the developer if the plugin fails.
- All websites need to install an SSL Certificate and CDN Service.
- Web applications need to install a Web Application Firewall (WAF).
Web application coding best practices include:
- Protect against SQL injections by using prepared statements with parameterized queries, ensuring that SQL codes are defined first, and the SQL queries are passed later.
- Protect against XSS attacks by knowing how the browser could interpret user-generated content (differently) than what you intended. HTML must be coded and function as intended, containing appropriate escapes, does not concatenate strings or sets raw HTML content.
- Protect against CSRF attacks by requiring a secret token in a hidden field inaccessible from third-party sites.
Your WI-FI (wireless network) routers
Wireless Routers and access points (WAPs) are often accessible for cybercriminals to infiltrate and access wireless networks. Therefore, the proper configuration and monitoring of Wi-Fi networks are critical to any security program.
Common cyber attack vectors include:
- Cybercriminals know the router model of the target network and conduct brute force attacks targeted at that specific router.
- Setting up Wi-Fi networks near your office device that resembles your SSID and collecting the access tokens from your employees’ or customers’ wireless devices when they unintentionally connect to the fake network.
Configuration best practices include:
- Segment Wi-Fi traffic into its VLAN.
- Always encrypt all your traffic with users using WPA2 or WPA3 regardless if you have a home, guest or business network.
- Use different Wi-Fi networks for employees vs. guests network.
- Use 802.1X (also called Enterprise mode) for your private employee network. This will ensure each employee has their unique login.
- Additionally, for the private network, turn off SSID broadcasts to hide it from casual lookers. Simultaneously, change the SSIDs (service set identifiers) to something random that has nothing to do with your business, making the routers twice as hard to figure out.
Other tools to consider
Filtering traffic by placing hardware or software firewalls between your network and the outside will help deter opportunistic cybercriminals. A network firewall uses rules to allow or block traffic by locking down open “ports” through limiting traffic (packets) coming in and out. By doing this, it becomes much more difficult for hackers to infiltrate your organization and steal data. If you do not have a Firewall, this article from Gartner will help you navigate the marketplace.
IDS are used to detect attacks on your infrastructure surfaces. IPS, its companion, actively blocks malicious activity or policy violations, preventing cyber criminals from getting into the next layer of your network. Consider investing in an IDS/IPS solution and protecting your business.
Protect your human assets
Network security does not start and end with devices on your network but extends to all devices that employees will use to connect to your services. If you don’t help them protect their devices and themselves, you aren’t protecting your network.
Securing all employee devices
Securing all devices is best accomplished using the following framework.
- Disable auto-connect to unsecured Wi-Fi on all devices, including laptops, tablets, and cell phones.
- To prevent the spread of malicious files across the network, disable file sharing on all devices that do not require it.
- Install antivirus software on all network systems and employee devices.
- Ensure all devices use password-protected screen-savers and auto sleep settings set to a reasonable and short time.
Prevent successful password exploits
Exploited accounts occur, where a cybercriminal gains access to an employee’s account on a web application (Email, Website, CRM, etc.). They do this with stolen credentials (email account and password pair), dictionaries, and brute force attacks cracking email accounts and their passwords.
To prevent these attacks from becoming successful, always use Multi-Factor Authentication (MFA/2FA). If you don’t have MFA in your security suite for some applications, start investing in an Identity Access Management (IAM) solution for these applications immediately.
When MFA is unavailable, have users secure usernames and passwords with at least 15 characters or more, and that contain a combination of letters (caps and lower case), as well as at least one number and symbol, and use a password manager, like LastPass or 1Password, so employees are not writing down their credentials and placing themselves at risk.
Allow employees to access your resources from a remote location securely
VPNs allow your employees to securely use public networks to connect to email, your web server, and applications, as well as your network, working from home, in a coffee shop, or while traveling.
VPNs protect against cyberattacks in which attackers listen to sensitive data. VPNs that use the newest TLS protocol encrypt and secure the remote user’s activities and communications. Additionally, these services also prevent unexpected data loss by automatically closing sessions with your network, thereby preventing the criminal from penetrating your network after a session improperly closed. Here are several reputable corporate VPNs.
Assure employee safety when they click on links to the outside world
Content Control or Web Filtering is a network security measure that prevents your users from reaching phishing sites. Microsoft’s SmartScreen filter for Explorer and Edge; and Google’s Safe Browsing initiative (including Apple Safari, Firefox, and others) have gone a long way toward improving user safety. But that said, applying additional web traffic filtering protection is worth it, especially in industries or businesses targeted by phishers, like financial, healthcare, utility, retail, information services, manufacturing, and government sectors.
Filtering web traffic is crucial to stop users from going onto fake phishing sites that appear legitimate, inputting sensitive data or personal information, and downloading malware. The way web filtering technologies work is they use DNS or a web proxy to manage traffic flows. The solutions identify phishing sites using Bayesian content filtering to identify the site’s category and scan the sites for threats, including an anti-virus analysis.
Most well-designed web filtering solutions today use machine learning to find sites with other phishing indicators, even if the site does not contain anything outright malicious. Also, organizations deployed web filtering solutions typically configure to block specific categories and enable other policies that help prevent users from unintentionally reaching any non-business-related and phishing pages. Comodo’s Secure Internet Gateway is one example of this type of filter for commercial use.
Remember, your employees are not robots, help them
Attackers often get into your business network without ever having to pass through your network’s firewalls, as they simply get in through employees. Not recognizing the human factor as a significant threat is the greatest risk to your business network security.
The human layer is the most difficult to defend because it is the most exposed to social engineering manipulating people into performing insecure actions and divulging sensitive data unintentionally. Cybercriminals commonly prey on users by using:
- Authority/Trust constructions
- Consensus/Social proof
- Familiarity and affinity
These attacks can occur anywhere, through email, phone calls, text messages, social networks, industry watering holes, and face-to-face impersonation.
The most common human deception schemes have victims provide sensitive data over the phone, email, text, or visiting a website to gather information or unintentionally downloading malicious files to further their exploit.
Given the diversity of potential risks, you are ahead if you help your employees recognize threats.
Hold formal employee security training sessions
To create a security-centric culture, including security awareness training in your new hire onboarding process, so every employee has the same basic level of awareness. Also, set aside some time to have regular, continuous formal training sessions, so your employees can understand any changes to your policies, practices, and customer acceptable use policies.
Your employee and customer security training needs to help them understand the threats they face, as well as the potential effects of a personal or business data breach. Training can do wonders to reduce their susceptibility to phishing emails, phony online storefronts, and other schemes designed to trick them into providing sensitive data or downloading malware.
To keep secure, your employees need to ask, “Is my network secure continually?” and “How can I tell if my network is secure?”
Training should include:
- Information security training ensures that the time you have put into your security practices and processes, authorized use policies, and what to do with an emergency is understood. If you don’t, employees will simply skim through your documentation.
This session will also help employees understand why Multi-Factor authentication (2FA/DFA) is a must.
- Network security training helps employees understand why certain types of hardware and software exist. Network security training reduces the risk for your business by increasing network security tool adoption. In this session, train them on how to secure their devices, home, and use a VPN when they connect to the public network from a coffee shop or travel.
- Cybersecurity threat and response training is to ensure that you actively train employees on what to look for in phishing emails, as well as data loss and the problems associated with sharing sensitive data outside their network.
In this session, encourage continual training and a neighborhood watch involving employees.
|Kaspersky conducted a study with 4,000 businesses in 25 countries experiencing data breaches. The study revealed that59% of companies with data breaches reported that careless or uninformed employee actions were the cause of the data breach. 56% of businesses had data breaches; the breaches occurred after phishing and social engineering, both of which occur more frequently when an end-user is uninformed or careless.|
Actively engage employees in your security program
Engage employees on an ongoing basis on good versus poor security practices with interactive activities, including
- Encourage employees to present their security responsibilities in a training session.
- Working together uses different ways to develop quality username and password combinations, which contain letters (caps and lower case) and at least one number and symbol.
- Get employees to identify phishing emails now and again by creating and sending a fake phishing email, and see how many of your employees fall for it. If many people take the bait, it may be time to hold another training session. Simulations will help you assess the real-time responses of your staff and keep employees on their toes so they’re more cautious of phishing attempts.
Send security updates to employees
To keep your employees aware of the latest cybersecurity issues, send them regular updates about cybersecurity threats and cases from a trusted source. To keep your security strong, you need to update them about new social engineering scams and refresh their memories about repeat threats.
Encourage a “neighborhood watch”
Involve your employees and encourage a “neighborhood watch”:
- Ensure your employees know the risks in their role; they better understand the implications of lax network security and what they can do to help.
- Assign every employee some security duties as part of their job.
- Regularly test your security plans by reviewing them with your employees to ensure they’re sound and practical.
- Have employees guide you through what to do if they notice suspicious activity on their devices, including contacting their cybersecurity escalation contact.
Maintain your security continuously
Regardless of the size of your business and network, you need to ask, “Is my network secure continually?” and “How can I tell if my network is secure?”
How to check if the network is secure starts by simply taking the time to establish a proactive network security maintenance schedule.
A basic security maintenance plan includes:
- Perform automated backups.
- Always enable logging on machines and run automated log activity reports.
- Always block unused ports.
- Always disable unused interfaces or services.
- Always remove unused software applications.
- Keep hardware, operating systems, and software up to date.
- Set up a schedule for network name changes, password changes, audits
An audit will identify, assess, and secure your network against outside intrusion by auditing all assets to determine if your network is secure on a fundamental level. A pen test will stress the network and its device security more comprehensively to check if your network is secure.
Once you have a sensible network security maintenance process, document it, and then circulate it to your team for comments.
Stay awake and cyber-aware
Keep your network healthy by remaining aware. Continually apply solid cybersecurity practices by monitoring and verifying. While locking down the network is an excellent start to developing network security, you need always to assume there will always be vulnerabilities. Continual cybersecurity monitoring of traffic is critical to plugging holes and securing your business network.
Know your neighborhood
You should always know who is on the network you are on and in your building. Sometimes a clever cybercriminal can get into a business and plug in a small wireless router into your network so that they can access your network from outside your building. A reliable network analyzer will help you find any rogue Wi-Fi networks so that you can address the threat.
Closely monitor traffic
All your system logs contain valuable information about the traffic coming in and out of your network. IDS, firewalls, wireless routers, email and web servers, and web proxies have information about who is attempting to get inside your organization. Don’t be merely reactive, be proactive; mine it!
Set aside time to read your log reports carefully and not rely entirely on alerts to dangerous flag activity.
Ensure that whoever reads your logs understands normal network behavior, so they can detect abnormal behavior that automated monitoring and alerts are missing. Here you might also consider adding additional security behavioral analytics tools and threat intelligence feed to automatically detect activities that deviate from the norm and represent a potential threat.
Also, ensure there is a way to log and flag suspicious activities to check for repeat anomalous events and escalate issues. Following this path, you will identify faster indicators of threat and compromise that pose a potential problem, making remediation far faster and easier.
While sometimes organizations avoid monitoring logs containing employee traffic, they don’t. Many employee devices may not be fully secured and may be compromised. Additionally, since most exploits are social engineered attacks, each employee is a vulnerability. Yes, employees are the most significant data breach risk to your organization.
|If phishing does get through your filters, “50% of recipients open emails and click on phishing links within the first hour of being sent.”|
Verizon Data Breach Investigations Report
Address behavioral and insider threats early in their life cycle, regardless of whether they are related to an uninformed employee or an immediate risk to your business. Do not wait; always be proactive.
Stay up to date
Monitor the threat landscape for new types of threats or major exploits as they are discovered and reported, as you may find that the same problems exist in your network. Your security solutions or services may provide this type of alert or information system.
|Subscribe to the U.S. Computer Emergency Readiness Team (US-CERT, a division of Homeland Security), which sends email alerts about recently confirmed software vulnerabilities and exploits.|
How to get started?
Your security team must find and control problems quickly. Breaches will happen. The assets listed in this article are the ones you need to be concerned about. Focus on them, and you will reduce the likelihood, but no security defenses are entirely impenetrable. You must have network security, cybersecurity monitoring, and employee processes in place to defend, find and prevent cyber attacks on your business from being successful. Seek out specialists like Abusix to help you with assessments, design, implementation, and solutions support. Get your free 14-day trial of Abusix Mail Intelligence to secure your business network with an additional protection layer.