Friday, December 9, 2022

How to Secure a Network: 9 Steps to Set Up a Secure Network

Network security protects a company’s network, infrastructure, and data to prevent cyberattacks and data breaches.

The best way to protect a company’s network is to use a variety of cybersecurity strategies and tools that focus on network security. See below to learn all about the steps a company can take to better secure their network: 

9 steps to set up a secure network

1. Apply encryption to data

2. Set up a firewall

3. Establish a virtual private network (VPN)

4. Be consistent with network monitoring

5. Install malware and antivirus protection

6. Update software often

7. Create strong passwords

8. Set up two-factor authentication

9. Educate all employees on cybersecurity

Why Is Securing A Network So Important?

1. Apply encryption to data

End-to-end encryption (E2EE) ensures that data shared through a network stays secure and can be read only by the workers authorized to access it.

Encryption is an effective way to keep a network secure. It scrambles the data sent from employee to employee or business to business, so that if the data is intercepted, it cannot be read by anyone without access.

When the encrypted data reaches the correct recipient, the data is decrypted with a password that opens the information.

How to set up encryption for a company:

1. Identify Security Holes

Cyberthreats target corporate networks, and one way to catch vulnerabilities is through a security assessment. There are multiple assessments to consider:

Types of assessments

  • IT audit: Helps assess if a network’s configuration matches the essential standards.
  • IT risk assessment: Helps identify, analyze, and evaluate a company’s security risk levels.
  • Penetration testing: Intentional cyberattack against a company’s network and infrastructure to find their vulnerabilities. See more: What is penetration testing?

Once a company finds the best assessment for them, they will be able to see what their needs are. When all of the security needs are defined, they can continue setting up the encryption software.

2. Choose The Right Encryption Type And Tool For The Company

There are many different encryption tools on the market for a company to choose from. Three encryption methods get the most attention:

Triple Data Encryption Standard (3DES)

  • 3DES applies 56-bit keys three times for triple protection, instead of using just one 56-bit key. It is older than the other data encryption forms.
  • Takes longer to encrypt data
  • Isn’t incorporated into new tech

Advanced Encryption Standard (AES)

  • AES encrypts data in a single block that ranges in size:
    • AES-128 (128-bit size)
    • AES-192 (192-bit size)
    • AES-256 (256-bit size)
  • The standard encryption type
  • Used by governments, security agencies, and most other businesses

Rivest-Shamir-Adleman (RSA)

  • RSA relies on public keys for encryption
  • RSA requires some background knowledge before use
  • No patent, available license-free

AES is recommended for all businesses, due to AES being the standard encryption type. However, the other types can be used as well.

Top Software For Encryption

  • VeraCrypt: encrypts the entire operating system with specific volumes and partitions, free for consumers and businesses
  • Trend Micro Endpoint Encryption: encrypts full volumes, files, and folders, has key management and an Active Directory for monitoring data
  • AxCrypt Premium: encrypts and decrypts files, helps share files within the app, access files securely from mobile devices, and secure files online via cloud storage

For more top software for encryption: Best encryption software

Once a type and tool have been established, a business can continue to implement an encryption plan.

2. Set up a firewall

A firewall is a popular way to protect a company’s network. It filters both incoming and outgoing network traffic based on a company’s security policies and rules.

Because the company has preset policies, firewalls are one of the best network security tools to catch vulnerabilities and take preventative action.

It is possible to install a firewall on individual devices to protect from malware, and a business can also set up a firewall on their internet connection with a web application firewall (WAF). 

Here are the steps to set up a firewall:

1. Pick The Type Of Firewall

Before a business can set up a firewall, it needs to find a firewall that meets all of its needs. There are multiple types of firewalls including:

Types of firewalls

While these are just some of the firewall options, there are many firewall products to look into. Once a company decides on their firewall, it is time to secure it.

2. Secure The Firewall

A company must immediately decide who in the company should have access to the firewall. Once an employee has this role, they should take the following steps:

Steps to secure the company’s firewall

  1. Update the firewall
  2. Delete or rename default user accounts
  3. Change all default passwords
  4. Create an effective password
  5. Give every employee who has access a separate account
  6. Limit access

Once all of these steps are completed, the company’s firewall is secured.

3. Identify Firewall Zones And IP Addresses

Similar to the first step of encryption, all data and assets need to be grouped by function and by low, medium, or high sensitivity. Once the assets are grouped, they can be placed into zones.

However, web services, such as email or VPNs, must be in their own dedicated zone. This limits inbound internet traffic.

After the network zone is established and has a corresponding IP address, it is time to create a firewall access control list.

4. Establish an Access Control List (ACL)

With firewalls, each member who can access firewalls needs their own logins and passwords. When creating an ACL, it is important to include the following factors:

Factors of an Access Control List

  • A sequence number
  • Name
  • Comments
  • Statement/rules
  • Protocols
  • IP destinations
  • Log of recorded devices

An ACL requires trusted employees to assist in different areas of the firewall. Keeping track of who they are and what they do is vital. There are many benefits to creating an ACL including:

Benefits of creating an Access Control List

  • Ability to control web traffic
  • Keeps company’s network secure
  • Improves safety measures

Once an ACL has been completed, the firewall is ready to be tested.

5. Test The Firewall Configuration

Testing the firewall is a necessary step to ensure the firewall is blocking the needed traffic. It is recommended to use a security assessment, anything from vulnerability scans to penetration tests.

In the case that the firewall fails, it is important to have the information accessible to repeat the configuration process.
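An added example, not part of the original article or of any firewall product: a small Python model of an ACL built from the factors listed in step 4, with the kind of allow/deny test that step 5 calls for. It assumes first-match evaluation in sequence order with an implicit final deny (common, but vendor-specific); all rule names, addresses and ports are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AclRule:
    seq: int                    # sequence number: lowest is evaluated first
    name: str
    comment: str
    action: str                 # statement: "permit" or "deny"
    protocol: str               # "tcp", "udp" or "any"
    destination: str            # destination IP range in CIDR form
    port: Optional[int] = None  # None matches any destination port


# Constructed sample ACL; addresses come from documentation/private ranges.
ACL = [
    AclRule(10, "dmz-mail", "inbound SMTP to mail relay", "permit", "tcp", "192.0.2.25/32", 25),
    AclRule(20, "dmz-vpn", "VPN gateway", "permit", "udp", "192.0.2.10/32", 1194),
    AclRule(30, "protect-high", "no direct access to high-sensitivity zone", "deny", "any", "10.0.20.0/24"),
    AclRule(40, "db-admin", "database admin access", "permit", "tcp", "10.0.20.5/32", 5432),
]


def rule_matches(rule, protocol, dst_ip, dst_port):
    if rule.protocol not in ("any", protocol):
        return False
    if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(rule.destination):
        return False
    return rule.port is None or rule.port == dst_port


def evaluate(acl, protocol, dst_ip, dst_port):
    """First matching rule in sequence order wins; no match means deny."""
    for rule in sorted(acl, key=lambda r: r.seq):
        if rule_matches(rule, protocol, dst_ip, dst_port):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def shadowed_rules(acl):
    """Return (later_seq, earlier_seq) pairs where the later rule can never match."""
    ordered = sorted(acl, key=lambda r: r.seq)
    found = []
    for i, later in enumerate(ordered):
        later_net = ipaddress.ip_network(later.destination)
        for earlier in ordered[:i]:
            covers = (
                earlier.protocol in ("any", later.protocol)
                and later_net.subnet_of(ipaddress.ip_network(earlier.destination))
                and (earlier.port is None or earlier.port == later.port)
            )
            if covers:
                found.append((later.seq, earlier.seq))
                break
    return found


def failed_expectations(acl, cases):
    """cases: (protocol, dst_ip, dst_port, expected_action). Return the mismatches."""
    return [c for c in cases if evaluate(acl, c[0], c[1], c[2])[0] != c[3]]


if __name__ == "__main__":
    tests = [("tcp", "192.0.2.25", 25, "permit"),
             ("tcp", "192.0.2.25", 22, "deny"),
             ("tcp", "10.0.20.5", 5432, "permit")]  # intended, but rule 30 shadows rule 40
    print("failed:", failed_expectations(ACL, tests))
    print("shadowed:", shadowed_rules(ACL))
```

The third test case fails because rule 40 sits behind the broader deny in rule 30, which is the kind of ordering mistake a configuration test is meant to surface.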

6. Set Up Firewall Management

Setting up a firewall requires follow-up care every six months or more. This includes revisiting the setup and future configuration to make sure that the firewall and data are protected from any cybercrimes.

Once these steps have been completed, the company can move on to VPNs.

See more: What is a Firewall? Definition, Features, and Types

3. Establish a virtual private network (VPN)

A virtual private network encrypts Wi-Fi, internet connections, and data transfers in a company’s network. Most VPNs have a built-in kill switch to disconnect hardware in the network if a protected connection is lost.

VPNs are vital for businesses that have remote employees or if employees participate in business trips. Using public or home Wi-Fi could compromise a company’s network data. A VPN puts a company at ease knowing the remote and traveling workers are protected outside of an office.

Another feature of VPNs is their ability to mask an IP address, passwords, and browsing history. Here are the steps to set up a VPN:

1. Find VPN Client, Server, And Router

The first step in setting up a VPN is choosing a VPN client, a VPN server, and a VPN router: 

  • VPN client: software that creates a secure connection between a business and the VPN server. Depending on the VPN client, some will work in the background and others will allow users to interact and configure them as they prefer.
  • VPN server: server that allows both hosting and delivering of the VPN’s services. A VPN server has hardware and software technologies to assist in securing connections. 
  • VPN router: routing system designed to allow network communication in a VPN setting. A VPN router can connect and communicate with different VPN devices.

These connections allow a business to move forward with their VPN as they need it. All three of these VPN tools will help the network improve and establish an initial understanding of the preferred VPN.

2. Begin Prepping Devices For VPN

VPNs have a risk of not working with network and infrastructure connections. Preparing the company’s network is a vital step in setting up a VPN. 

There are multiple ways to test a company’s network depending on what network they have. If the VPN cannot be connected to a company’s network, it has no way to defend the systems. Experts recommend deleting previously used VPNs and deciding how the business will configure their network.

3. Download And Install The VPN

Once a company decides what VPN they will be using and has prepared their network, it is time to download and install the VPN. Most VPN providers will help the company set up the VPN. 

However, VPN providers do not always offer software for every platform a company might need. Despite this, it is recommended that a company downloads the VPN and tests it.

The simplest way to get a VPN up and running is to install clients from the VPN provider. The provider may not offer software for every platform needed, such as Windows, iOS, and Android. Even if they don’t, it’s better to install what they offer first and then confirm that the VPN account is operating correctly.

4. Set Up Login Information And Log In To The VPN

Once the VPN has been set up, it is time to create a login to the VPN. When buying a VPN client, a company may need to set up multiple accounts and logins.

Usernames and passwords should be secure for the business.

Once the company has safe logins, the VPN will connect to the network of the company.

5. Decide On VPN Protocols

A company needs a VPN protocol, which determines how data is routed between its systems and the VPN server. There are multiple options for what protocol is best for the company:

VPN protocol options

  • OpenVPN: open-source protocol, which lets a business see the VPN’s code
  • Layer 2 Tunneling Protocol (L2TP/IPsec): known for strong security protection, often paired with the IPsec protocol to help encrypt the data sent over the VPN
  • Point-to-Point Tunneling Protocol (PPTP): created to build VPN tunnels across public networks

Once chosen, the company will need to apply the protocol to their VPN.

6. Troubleshoot And Check That VPN Is Secure

A company must check if the VPN is working. Usually, after following the VPN steps, it should work immediately. However, if it is not working, a company should try: 

Troubleshooting suggestions

  • Restart the VPN and the devices it is tested on.
  • Make sure there is no other VPN or system open that could interfere with the new VPN. If one is running, a business should either delete it or make sure it is disconnected.
  • Some VPNs have a “repair” setting to reload the software. If this is an option, it is important to run this.
  • If it is a login problem, a company can try again or call the VPN provider

Once the VPN is up and working, a company should check the settings of the VPN to make sure the settings are what the company wants. Some options to look into can be:

Setting options

  • When the VPN should run
  • If a company wants to add “favorite” or default servers
  • Possibly turn on a “kill-switch” which is designed to help in case the VPN is disconnected

See more: What is a VPN?

4. Be consistent with network monitoring

Whether the concern is traffic errors or vulnerabilities, watching the network is the difference between being unaware of cyberattacks and seeing potential attacks before they happen.

Network monitoring statistics that come from paying close attention to a network help a company see abnormalities and fix various problems. Monitoring consistently helps a security team catch bugs or vulnerabilities before a cybercriminal does.

When monitoring the network, there are three parts of the system to check:

Three parts to monitor in a network

  • Configuration: helps a company by assigning and checking network settings, policies, and current controls.
  • Performance: the process of troubleshooting and getting reports on the different parts of the network.
  • Availability: based on the uptime a network has and how it responds to the connection and performance demands it is used for.

While adding more software, it is vital to continue monitoring to keep the network safe.

See more: Best network monitoring software and tools

5. Install malware and antivirus protection

Malware protection, including antivirus software, is a key component of network security practices. 

Antivirus software will check downloaded applications or data that are new to the network to confirm that there is no malware. Antivirus software needs to be updated to recognize evidence of new cybercrimes.

Unexpected malware threats are detected by antivirus software, along with websites and emails attempting to phish an employee.

How to set up antivirus and malware protection software

1. The business needs to pick antivirus and malware protection software. It is vital for a company to find the software that works best for their business.

Most popular antivirus software

  • McAfee MVISION: an enterprise-tier antivirus and malware prevention product. MVISION is recommended for large and new organizations. 
  • Kaspersky: Kaspersky’s business antivirus products aim to fit any business needs. Kaspersky antivirus prevention products are recommended for companies of any size.
  • CrowdStrike Falcon: CrowdStrike Falcon is a next-generation antivirus and malware prevention product. Falcon is recommended for small businesses.

See more malware and antivirus products: 10 best antivirus software for businesses

2. Once the software has been chosen, download the antivirus and malware protection software from the chosen provider.

3. Follow the instructions given by the provider to install the program. There will likely be an installation process window. 

4. When the software is installed, close out the installation window. 

5. It is recommended to restart the computer, but it is not a required step. This can help the computer get used to the new software.

6. The company should now scan for viruses. There are three recommended types of scans with the new antivirus software:

3 types of scans

  • Quick scanning: typically used for areas that are often at risk. It takes anywhere from 10 to 20 minutes because it covers only these common error areas.
  • Full scanning: used for an entire network. This looks for viruses in every part of the system, taking anywhere from 30 minutes to hours. This is one of the safest ways to keep track of the network.
  • Scheduled scanning: used to keep scanning consistently as the company needs. A company should find the settings with their specific product to set this up. A company has multiple options to keep their network feeling safe even as they complete other tasks.

7. After scanning, the company should make sure to keep the antivirus and malware protection software updated. Updating helps the software improve scanning for viruses.

6. Update software often

Cybersecurity software must be updated regularly as updates appear. Antivirus software, firmware, account information, and applications used to protect a company should be up to date, so cybercriminals are unable to see security vulnerabilities.

Keeping security software updated closes entry points before hackers can use them. Software update notes reveal which errors were found, so anyone who reads the notes knows where to exploit a company until it applies the updates.

Updates are also important because they can include specific changes to security.

Reasons to update all software often

  • Improves performance and protection
  • Helps improve workflow
  • Keeps software the most up-to-date for new features
  • Increases lifespan of software and hardware
  • Updates help with minor issues

7. Create strong passwords

Strong passwords are essential to a business. Using personal details in passwords can give cybercriminals the ability to break into an account with company information.

How to create a secure login

  • An employee should not use their name for a login username. This can easily be hacked by a cybercriminal.
  • While websites recommend using the beginning of the email address the account is under, that is not the safest approach. Hackers could easily see this information.
  • Any username should be easy for an employee to remember, but not so easy that a cybercriminal can find it through any website, business, or personal social media.
  • Never use personal numbers in usernames. Two examples are an employee’s or company’s address or date of birth.
  • Do not use a Social Security number or ID number as a username. This is safer for the company, and the employee as well.
  • Strong passwords are typically more than eight characters long, with a random assortment of letters, numbers, capitalization, and symbols that is too difficult to guess.

Employees should be required to have strong passwords to help avoid breaches.

See more: How to generate secure passwords for your accounts

8. Set up two-factor authentication (2FA)

Two-factor authentication (2FA) is a vital step in network security. 2FA can be anything from answering a personal question to receiving a code on an employee’s phone or email address to scanning a fingerprint.

Two-factor authentication is used for network and application access as well and can help secure company and customer data.

Multiple applications have different steps to set up two-factor authentication. Here are the steps for three major office productivity platforms:

Setting up 2FA for Microsoft 365

  1. Log in to the company’s current work account. Microsoft 365 will prompt the business for more information.
  2. Click next on the prompt
  3. Download the free Microsoft Authenticator app and follow the steps provided or select “I want to set up a different method.” Microsoft 365 will ask for a mobile phone number, and send an SMS message with the 6-digit code to verify the device.
  4. Once the employee is in their account, Microsoft 365 will ask for additional verification information.

Setting up 2FA for Google Workspace

  1. Log in to the Google Workspace Admin Console.
  2. Select security on the dashboard, and scroll down to two-step verification.
  3. When two-step verification is selected, allow employees to turn on 2-step verification.
  4. Update features as needed, such as:
    • Enforcement: Making all employees use 2-step verification
    • New user enrollment period: Gives employees time before adding the 2-step verification
    • Frequency: Allowing employees to set trusted devices
    • Methods: Set allowed methods for the 2-step verification such as phone calls, text, emails, etc.
  5. Select “Save” when the process is complete

Setting up 2FA for Google Android

  1. Open the Google Account
  2. Through the navigation panel, click security
  3. Under “Signing in to Google” on the Security page, select 2-Step Verification
  4. Select “Get Started” and follow the instructions on-screen

Setting up 2FA for Apple ID

On iPhone, iPad, or iPod Touch

  1. Go to “Settings” on the device
  2. Under settings, go to your name
  3. Under your name, click “Password & Security”
  4. Tap “Turn On Two-Factor Authentication”
  5. Click “Continue” and follow the instructions

On Mac

  1. Go to Apple Menu and click “System Settings” or “System Preferences”
  2. Click on your name or Apple ID
  3. Under your name, click “Password & Security”
  4. Next to Two-Factor Authentication, click “Turn On”
  5. Follow onscreen instructions

If the business has different business applications and tools, different steps can be accessed through the help center or a business representative.

See more: Two-factor authentication: A cheat sheet

9. Educate all employees on cybersecurity

If an employee is not trained in cybersecurity and receives a phishing email, there is a chance they will accidentally expose their company’s information. Both in-office and remote employees are at risk. 

For instance, employees who don’t understand VPNs or the risk of giving others network access can compromise a company’s network security.

There are many cybersecurity training programs for employees. If they get trained as often as security procedures change, they can help a company avoid a data breach.

Here are helpful steps to educate employees:

Make Cybersecurity Part Of Onboarding

Starting employee cybersecurity training as they onboard helps establish safety for the company’s data immediately. Safe passwords and usernames, phishing emails, and cybersecurity breaches need to be covered as soon as possible.

Cybersecurity onboarding needs to include going over the rules as well as explaining why the practices are vital. It should explain the risks not only for the company but for its employees too.

Having guidelines and resources can save a company in case of a potential data breach. Making an employee comfortable with the company’s security can help if they see suspicious behavior. Open communication within the company can save the company.

Teach Various Types Of Cybersecurity Threats

Various cybersecurity threats should be taught too. While spam and phishing are well-known ways for a data breach, other threats that should be taught include malware, ransomware, and social engineering.

Educating employees needs to include real-life examples of possible threats. 

Threat tips employees should be aware of

  • If apps or programs they did not download appear
  • If unusual pop-ups cause device changes
  • If the device slows down
  • If tabs show up that an employee did not open
  • If they are unable to control their device

Employees reporting these activities, whether or not they are a threat, is helpful to keep not only the other employees but the administration aware of any changes.

See more: How to Train New Employees in 5 Steps

Train Employees To Catch Phishing Attacks

Phishing attacks could look similar to normal emails an employee gets sent. In some cases, the cybercriminal will make an email address that is one letter off from another employee at the business. Cybercriminals are also able to fake a domain to get an employee’s login information.

When training employees for phishing attacks, a company should tell them to ask:

Phishing attack questions

  • Is the email address misspelled or from an unknown business?
  • Is the email laid out as other emails are?
  • Is there a link asking for login credentials?
  • If it has an attachment, does it have an unusual file extension type?

Employees can call the phone number of the company and ask for further information before clicking on links or attachments. Hovering over links and attachments can help show where they would take the employee.

Employees should feel comfortable asking questions about possible phishing scams. If they do not, there is a risk of them opening it or giving their login information to a cybercriminal.
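An added example, not part of the original article: the first and last phishing questions above turned into an automated check that flags a sender address one character off from a known employee address or company domain, and attachments with unusual extensions. The directory, sample addresses and extension list are constructed, and the function names are illustrative.

```python
import os


def edit_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)   # adjacent characters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


# Constructed sample data; a real deployment would load its own directory
# and tune the extension list to its own mail policy.
DIRECTORY = ["j.smith@example.com", "a.jones@example.com"]
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso"}


def classify_sender(address, directory):
    """Return ("known" | "lookalike" | "unknown", matched address or domain)."""
    address = address.strip().lower()
    known = sorted({a.lower() for a in directory})
    if address in known:
        return "known", address
    for real in known:
        if edit_distance(address, real) == 1:
            return "lookalike", real
    domain = address.rpartition("@")[2]
    for real_domain in sorted({a.rpartition("@")[2] for a in known}):
        if edit_distance(domain, real_domain) == 1:
            return "lookalike", real_domain
    return "unknown", None


def risky_attachments(filenames):
    """Only the final extension counts, so invoice.pdf.exe is treated as .exe."""
    return [f for f in filenames
            if os.path.splitext(f.lower())[1] in RISKY_EXTENSIONS]


def review_email(sender, attachments, directory):
    findings = []
    verdict, match = classify_sender(sender, directory)
    if verdict == "lookalike":
        findings.append(f"sender is one character off from {match}")
    elif verdict == "unknown":
        findings.append("sender is not in the company directory")
    for name in risky_attachments(attachments):
        findings.append(f"attachment {name} has an unusual file extension")
    return findings


if __name__ == "__main__":
    for line in review_email("j.smlth@example.com",
                             ["invoice.pdf.exe", "notes.txt"], DIRECTORY):
        print(line)
```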

See more: Complete Guide to Phishing Attacks: What Are the Different Types and Defenses?

Invest In Employee Training

New cybersecurity attacks can happen monthly or daily, so employees should be educated more than once a year while they work at the company. The employees should be updated as often as possible, just as the network security is regularly updated.

The employees need to be aware of their responsibilities within the company’s cybersecurity practices. Keeping employees informed is a vital part of guaranteeing safety.

See more: 4 Steps on How to Conduct a Network Security Risk Assessment

Why Is Securing A Network So Important?

Network security is a vital part of any business, big or small. Every company’s network is at risk of a cyberattack. Cybercrimes against a company’s network can cause the organization to lose their data and their customers’ data, which can cause clients to work with other companies or bankrupt a business.

A company’s network, infrastructure, traffic, and data can all be affected if a secure network isn’t established within the company. 

See more: 6 Best Personnel Training Software

Benefits Of Securing A Network

  • Reduced risk of a cyberattack
  • More trust between the company and customers
  • Keep confidential information safe
  • Save approximately $9.44 million on average by avoiding data breach recovery
  • Saves company from going out of business
  • Avoid data loss
  • Helps avoid legal repercussions
  • No damage to brand reputation
  • Increased employee productivity without risk
  • Controlled access of network

For more: Best Network Security Software & Tools
