Network security protects a company’s network, infrastructure, and data to prevent cyberattacks and data breaches.
The best way to protect a company’s network is to use a variety of cybersecurity strategies and tools that focus on network security. See below to learn all about the steps a company can take to better secure their network:
9 Steps To Set Up A Secure Network
1. Apply Encryption To Data
End-To-End Encryption (E2EE) ensures that data shared through a network is secure and authorized to workers who can access the data.
Encryption security measures are effective to keep a network secure. Encryption security scrambles the data sent from employee to employee or business to business, and if it is intercepted, it cannot be read by anyone without access.
When the encrypted data reaches the correct recipient, the data is decrypted with a password that opens the information.
How to set up encryption for a company:
Identify Security Holes
Cyberthreats attack corporate networks, and one way to catch any vulnerabilities is through a security assessment. There are multiple assessments to consider:
Types of assessments
- Vulnerability assessment: Helps identify vulnerabilities within a company’s IT infrastructure. See more: What is Vulnerability Scanning & Why Should You Do It?
- IT audit: Helps assess if a network’s configuration matches the essential standards.
- IT risk assessment: Helps identify, analyze, and evaluate a company’s security risk levels.
- Penetration testing: Intentional cyberattack against a company’s network and infrastructure to find their vulnerabilities. See more: What is penetration testing?
Once a company finds the best assessment for them, they will be able to see what their needs are. When all of the security needs are defined, they can continue setting up the encryption software.
Choose The Right Encryption Type And Tool
There are many different encryption tools on the market for a company to choose from. Three encryption methods are focused on the most:
Triple Data Encryption Standard (3DES)
- 3DES uses 56-bit keys for triple protection, instead of using just one 56-bit key. It is older than the other data encryption forms.
- Takes longer to encrypt data
- Isn’t incorporated into new tech
Advantage Encryption Standard (AES)
- AES encrypts data in a single block that ranges in size:
- AES-128 (128-bit size)
- AES-192 (192-bit size)
- AES-256 (256-bit size)
- The standard encryption type
- Used by governments, security agencies, and most other businesses
- RSA relies on public keys for encryption
- RSA requires knowledge before using
- No patent, available license-free
AES is recommended for all businesses, due to AES being the standard encryption type. However, the other types can be used as well.
Top Software For Encryption
- VeraCrypt: encrypts the entire operating system with specific volumes and partitions, free for consumers and businesses
- Trend Micro Endpoint Encryption: encrypts full volumes, files, and folders, has key management and an Active Directory for monitoring data
- AxCrypt Premium: encrypts and decrypts files, helps share files within the app, access files securely from mobile devices, and secure files online via cloud storage
For more top software for encryption: Best encryption software
Once a type and tool have been established, a business can continue to implement an encryption plan.
2. Set Up A Firewall
A firewall is a popular way to protect a company’s network. It filters both incoming and outgoing network traffic based on a company’s security policies and rules.
Because the company has preset policies, firewalls are one of the best network security tools to catch vulnerabilities and take preventative action.
It is possible to install a firewall on individual devices to protect from malware, and a business can also set up a firewall on their internet connection with a web application firewall (WAF).
Here are the steps to set up a firewall:
Pick The Type Of Firewall
Before a business can set up a firewall, a company needs to find a firewall that supplies all of their needs. There are multiple types of firewalls, including:
Types of firewalls
- Next-generation firewalls (NGFW): Offers application awareness with full-stack visibility by looking at each data packet. See more: Why a Next-Generation Firewall (NGFW) is Important
- Cloud-based firewall or FWaaS: Offers a suite of cloud technologies for online protection and access control. See more: Firewalls as a Service (FWaaS): The Future of Network Firewalls?
- Proxy firewall: Gives access for internal employees to connect to a server, website, or application.
- Stateful inspection firewall: Helps determine which packets to allow through the firewall.
- Web application firewall (WAF): Helps filter and control HTTP traffic between clients and application servers. See more: WAF (Web application firewall)
While these are just some of the firewall options, there are many firewall software to look into. Once a company decides on their firewall, it is time to secure the company’s firewall.
Secure The Firewall
A company must immediately decide on who in the company should have access to the firewall. Once there is an employee with this role, they should follow the following steps:
Steps to secure the company’s firewall
- Update the firewall
- Delete or rename default user accounts
- Change all default passwords
- Create an effective password
- Make all employees who have access to separate accounts
- Limit access
Once all of these steps are completed, the company’s firewall is secured.
Identify Firewall Zones And IP Addresses
Similar to the first step of encryption, all data and assets need to be grouped by low, medium, and high sensitivity and their functions. Once the assets are grouped, they can be grouped into zones.
However, web services, such as email or VPNs, must be in their dedicated zone. This will limit the internet inbound traffic.
After the network zone is established and has a corresponding IP address, it is time to have a firewall access control list.
Establish an Access Control List (ACL)
With firewalls, each member who can access firewalls needs their own logins and passwords. When creating an ACL, it is important to include the following factors:
Factors of an Access Control List
- A sequence number
- IP destinations
- Log of recorded devices
An ACL requires trusted employees to assist in different areas of the firewall. Keeping track of who and what they do is vital. There are many benefits to creating an ACL, including:
Benefits of creating an Access Control List
- Ability to control web traffic
- Keeps company’s network secure
- Improves safety measures
Once an ACL has been completed, the firewall is ready to be tested.
Test The Firewall Configuration
Testing the firewall is a necessary step to ensure the firewall is blocking the needed traffic. It is recommended to use a security assessment, anything from vulnerability scans to penetration tests.
In the case that the firewall fails, it is important to have the information accessible to repeat the configuration process.
Set Up Firewall Management
Setting up a firewall requires follow-up care every six months or more. This includes revisiting the setup and future configuration to make sure that the firewall and data are protected from any cybercrimes.
Once these steps have been completed, the company can move on to VPNs.
3. Establish A Virtual Private Network (VPN)
A virtual private network encrypts Wi-Fi, internet connections, and data transfers in a company’s network. Most VPNs have a built-in kill switch to disconnect hardware in the network if a protected connection is lost.
VPNs are vital for businesses that have remote employees or if employees participate in business trips. Using public or home Wi-Fi could compromise a company’s network data. A VPN puts a company at ease knowing the remote and traveling workers are protected outside of an office.
Another feature of VPNs is their ability to mask an IP address, passwords, and browsing history. Here are the steps to set up a VPN:
Find VPN Client, Server, And Router
The first step in setting up a VPN is choosing a VPN client, a VPN server, and a VPN router:
- VPN client: software that creates a secure connection between a business and the VPN server. Depending on the VPN client, some will work in the background and others will allow users to interact and configure them as they prefer.
- VPN server: server that allows both hosting and delivering of the VPN’s services. A VPN server has hardware and software technologies to assist in securing connections.
- VPN router: routing system designed to allow network communication in a VPN setting. A VPN router can connect and communicate with different VPN devices.
These connections allow a business to move forward with their VPN as they need it. All three of these VPN tools will help the network improve and establish an initial understanding of the preferred VPN.
Begin Prepping Devices For VPN
VPNs have a risk of not working with network and infrastructure connections. Preparing the company’s network is a vital step in setting up a VPN.
There are multiple ways to test a company’s network depending on what network they have. If the VPN cannot be connected to a company’s network, it has no way to defend the systems. Experts recommend deleting previously used VPNs and deciding how the business will configure their network.
Download And Install The VPN
Once a company decides what VPN they will be using and has prepared their network, it is time to download and install the VPN. Most VPN providers will help the company set up the VPN.
However, VPN providers do not always offer the software a company might need with their software. Despite this, it is recommended that a company downloads the VPN and tests it.
Otherwise, there are multiple steps to complete this: The simplest way to get your VPN up and running is to install clients from your VPN provider. However, they may not offer software for every platform you need, such as Windows, iOS, and Android. Even if they don’t, it’s better to install what they offer first and then confirm that your VPN account is operating correctly.
Set Up Login Information And Log In To The VPN
Once the VPN has been set up, it is time to create a login to the VPN. When buying a VPN client, for further access for employees, a company may need to set up multiple accounts and logins.
Usernames and passwords should be secure for the business.
Once the company has safe logins, the VPN will connect to the network of the company.
Decide On VPN Protocols
A company needs a VPN protocol to help decide whether they want to route their data between their systems and the VPN server. There are multiple options for what protocol is best for the company:
VPN protocol options
- OpenVPN: open-source protocol, which helps a business sees their VPN code
- Layer 2 tunnel protocol (L2TP/IPSec): known for strong security protection, often using IPSec protocol, to help encrypt the data sent over to the VPN
- Point-to-point tunneling protocol (PPTP): created to use VPN tunnels between public networks
Once chosen, the company will need to apply the protocol to their VPN.
Troubleshoot And Check That VPN Is Secure
A company must check if the VPN is working. Usually, after following the VPN steps, it should work immediately. However, if it is not working, a company should try:
- Restarting the VPN and the devices it is tested on.
- Make sure there is no other VPN or system open that could interfere with the new VPN. If one is running, a business should either delete it or make sure it is disconnected.
- Some VPNs have a “repair” setting to reload the software. If this is an option, it is important to run this.
- If it is a login problem, a company can try again or call the VPN provider
Once the VPN is up and working, a company should check the settings of the VPN to make sure the settings are what the company wants. Some options to look into can be:
- When the VPN should run
- If a company wants to add “favorite” or default servers
- Possibly turn on a “kill-switch” which is designed to help in case the VPN is disconnected
See more: What is a VPN?
4. Be Consistent With Network Monitoring
Whether traffic errors or vulnerabilities, watching the network is the difference between being unaware of cyberattacks and seeing potential attacks before they happen.
Network monitoring statistics that come from paying close attention to a network help a company see abnormalities and fix various problems. Monitoring consistently helps a security team catch bugs or vulnerabilities before a cybercriminal does. When monitoring the network, there are three parts of the system to check:
Three parts to monitor in a network
- Configuration: helps a company by assigning and checking network settings, policies, and current controls.
- Performance: the process of troubleshooting and getting reports on the different parts of the network.
- Availability: based on uptime a network has and how it responds to the connection and performance it is used for.
While adding more software, it is vital to continue monitoring to keep the network safe.
5. Install Malware and Antivirus Protection
Malware protection, including antivirus software, is a key component of network security practices.
Antivirus software will check downloaded applications or data that are new to the network to check that there is no malware. Antivirus software needs to be updated to recognize evidence of new cybercrimes.
Unexpected malware threats are detected by antivirus software, along with websites and emails attempting to phish an employee.
How to set up malware and antivirus software:
1. The business needs to pick antivirus and malware protection software. It is vital for a company to find the software that works best for their business.
Most popular antivirus software
- McAfee MVISION: an enterprise-tier antivirus and malware prevention product. MVISION is recommended for large and new organizations.
- Kaspersky: Kaspersky’s business antivirus products aim to fit any business needs. Kaspersky antivirus prevention products and recommended for any size company.
- CrowdStrike Falcon: CrowdStrike Falcon is a next-generation antivirus and malware prevention product. Falcon is recommended for small businesses.
See more malware and antivirus products: 10 best antivirus software for businesses
2. Once the software has been chosen, download the antivirus and malware protection software from the chosen provider.
3. Follow the instructions given by the provider to install the program. There will likely be an installation process window.
4. When the software is installed, close out the installation window.
5. It is recommended to restart the computer, but it is not a required step. This can help the computer get used to the new software.
6. The company should now scan for viruses. There are three recommended types of scans with the new antivirus software:
3 types of scans
- Quick scanning: typically used for areas that are often at risk. It takes anywhere from 10-20 minutes to only cover these common error areas.
- Full scanning: used for an entire network. This looks for viruses in every part of the system, taking anywhere from 30 minutes to hours. This is one of the safest ways to keep track of the network.
- Scheduled scanning: used to keep scanning consistently as the company needs. A company should find the settings with their specific product to set this up. A company has multiple options to keep their network feeling safe even as they complete other tasks.
7. After scanning, the company should make sure to keep the antivirus and malware protection software updated. Updating helps the software improve scanning for viruses.
6. Update Software Often
Cybersecurity software must be updated regularly as updates appear. Antivirus software, firmware, account information, and applications used to protect a company should be up to date, so cybercriminals are unable to see security vulnerabilities.
Security software staying updated prevents entry points from being introduced to hackers. Software update notes reveal what errors occur and allow anyone who sees the notes to know where to exploit the company before updates are made.
Updates are also important because they can include specific changes to security.
Reasons to update all software often
- Improves performance and protection
- Helps improve workflow
- Keeps software the most up-to-date for new features
- Increases lifespan of software and hardware
- Updates help with minor issues
7. Create Strong Passwords
Strong passwords are essential to a business. Using personal details in passwords can give cybercriminals the ability to break into an account with company information.
How to create secure logins
- An employee should not use their name for a login username. This can easily be hacked by a cybercriminal.
- While websites recommend using the beginning of the email address the account is under, that is not the safest direction to go into. Hackers could easily see this information.
- Any username should be easy for an employee to remember, but not too easy where a cybercriminal can find it through any website, business, or personal social media.
- Never use personal numbers with usernames. Two examples are an employee or company’s address or date of birth.
- No Social Security number or ID number as a username. This is safer for the company, and the employee as well.
- Strong passwords are typically more than eight characters long, with a random assortment of letters, numbers, capitalization, and symbols too difficult to guess.
Employees should be required to have strong passwords to help avoid breaches.
8. Set Up Two-Factor Authentication (2FA)
Two-factor authentication is a vital step in network security. 2FA is anything from answering a personal question, sending a code to an employee’s phone or email address, and fingerprints.
Two-factor authentication is used for network and application access as well and can help secure company and customer data.
Multiple applications have different steps to set up two-factor authentication. Here are the steps for three major office productivity platforms:
Setting up 2FA for Microsoft 365
- Login to the company’s current work account. Microsoft 365 will prompt the business for more information.
- Click next on the prompt
- Download the free Microsoft Authenticator app and follow the steps provided or select “I want to set up a different method.” Microsoft 365 will ask for a mobile phone number, and send an SMS message with the 6-digit code to verify the device.
- Once the employee is in their account, Microsoft 365 will ask for additional verification information.
Setting up 2FA for Google Workspace
- Login to Google Workspace Admin Console.
- Select security on the dashboard, and scroll down to two-step verification.
- When two-step verification is selected, allow employees to turn on 2-step verification.
- Update features as needed, such as:
- Enforcement: Making all employees use 2-step verification
- New user enrollment period: Gives employees time before adding the 2-step verification
- Frequency: Allowing employees to set trusted devices
- Methods: Set allowed methods for the 2-step verification such as phone calls, text, emails, etc.
- Select “Save” when the process is complete
Setting up 2FA for Google Android
- Open the Google Account
- Through the navigation panel, click security
- Under “Signing in to Google” on the Security page, select 2-Step Verification
- Select “Get Started” and follow the instructions on-screen
Setting up 2FA for Apple ID
On iPhone, iPad, or iPod Touch
- Go to “Settings” on the device
- Under settings, go to your name
- Under your name, click “Password & Security”
- Tap “Turn On Two-Factor Authentication”
- Click “Continue” and follow the instructions
- Go to Apple Menu and click “System Settings” or “System Preferences”
- Click on your name or Apple ID
- Under your name, click “Password & Security”
- Next to Two-Factor Authentication, click “Turn On”
- Follow onscreen instructions
If the business has different business applications and tools, different steps can be accessed through the help center or a business representative.
See more: Two-factor authentication: A cheat sheet
9. Educate All Employees On Cybersecurity
If an employee is not trained in cybersecurity and receives a phishing email, there is a chance they will accidentally expose their company’s information. Both in-office and remote employees are at risk.
For instance, employees who don’t understand VPNs or the risk of giving others network access can compromise a company’s network security.
There are many cybersecurity training programs for employees. If they get trained as often as security procedures change, they can help a company avoid a data breach.
Here are helpful steps to educate employees:
Make Cybersecurity Part Of Onboarding
Starting employee cybersecurity training as they onboard help establish safety for the company’s data immediately. Safe passwords and usernames, phishing emails, and cybersecurity breaches need to be covered as soon as possible.
Cybersecurity onboarding needs to include going over the rules as well as explaining why the practices are vital. Explaining the risks for not only the company but for their employees too.
Having guidelines and resources can save a company in case of a potential data breach. Making an employee comfortable with the company’s security can help if they see suspicious behavior. When communication is used between the company, it can save the company.
Teach Various Types Of Cybersecurity Threats
Various cybersecurity threats should be taught too. While spam and phishing are well-known ways for a data breach, other threats that should be taught include malware, ransomware, and social engineering.
Educating employees needs to include real-life examples of possible threats.
Threat tips employees should be aware of
- If apps or programs they did not download appear
- If unusual pop-ups cause device changes
- If the device slows down
- If tabs show up that an employee did not open
- If they are unable to control their device
Employees reporting these activities, whether or not they are a threat, is helpful to keep not only the other employees but the administration aware of any changes.
See more: How to Train New Employees in 5 Steps
Train Employees To Catch Phishing Attacks
Phishing attacks could look similar to normal emails an employee gets sent. In some cases, the cybercriminal will make an email address that is one letter off from another employee at the business. Cybercriminals are also able to fake a domain to get an employee’s login information.
When training employees for phishing attacks a company should tell them to ask:
Phishing attack questions
- Is the email address misspelled or from an unknown business?
- Is the email laid out as other emails are?
- Is there a link asking for login credentials?
- If it has an attachment, does it have an unusual file extension type?
Employees can call the phone number of the company and ask for further information before clicking on links or attachments. Hovering over links and attachments can help see where it plans to take the employee.
Employees should feel comfortable asking questions about possible phishing scams. If they do not, there is a risk of them opening it or giving their login information to a cybercriminal.
Invest In Employee Training
New cybersecurity attacks can happen monthly or daily, so employees should be educated more than once a year while they work at the company. The employees should be updated as often as possible, just as the network security is regularly updated.
The employees need to be aware of their responsibilities within the company’s cybersecurity practices. Keeping employees informed is a vital part of guaranteeing safety.
See more: 6 Best Personnel Training Software
Security Tools to Help Secure Your Network
Featured Partners: Security Software
If your Active Directory isn’t secure, nothing is. Avoid single points of failure with comprehensive hybrid AD protection. Modernize your AD. Get lifecycle defense for identity-based attacks before, during, and after an attack, all supported by a dedicated incident response team.
ESET PROTECT Advanced
Protect your company computers, laptops and mobile devices with security products all managed via a cloud-based management console. The solution includes cloud sandboxing technology, preventing zero-day threats, and full disk encryption capability for enhanced data protection. ESET Protect Advanced complies with data regulation thanks to full disk encryption capabilities on Windows and macOS. Get started today!
With Graylog, you get the key features you need to maintain a robust security posture. Graylog is a scalable, flexible log management and cybersecurity platform that combines SIEM, security analytics, industry-leading anomaly detection capabilities with machine learning. Built by practitioners for practitioners, Graylog Security flips the traditional SIEM application on its head by stripping out the complexity, alert noise, and high costs.
Why Is Securing A Network Important?
Network security is a vital part of any business, big or small. Every company’s network is at risk of a cyberattack. Cybercrimes against a company’s network can cause the organization to lose their data and their customers’ data, which can cause clients to work with other companies or bankrupt a business.
A company’s network, infrastructure, traffic, and data can all be affected if a secure network isn’t established within the company. Using the steps above, a company will have:
Benefits of securing a network
- Reduced risk of a cyberattack
- More trust between the company and customers
- Keep confidential information safe
- Save approximately $9.44 million on average by avoiding data breach recovery
- Saves company from going out of business
- Avoid data loss
- Helps avoid legal repercussions
- No damage to brand reputation
- Increased employee productivity without risk
- Controlled access of network
For more: Best Network Security Software & Tools
Securing a network requires different measures from encryption to VPNs to help your company stay safe for any data breaches or attacks. Cyber security attacks have become more common, therefore securing a network has grown in importance.
To protect a company’s network, infrastructure, and data there are steps a company must take. The best way is to complete the steps and procedures to the best of a company’s ability. The more protection a company’s network has, the safer their data and infrastructure are.