Protecting Your Business Network: A Guide to Ensuring Security and Resiliency Even as major news outlets continue to report new stories about massive security breaches at the world s largest companies, network security threats against small to mid-sized businesses are also on the rise. According to Internet security firm Symantec, one in five businesses with fewer than 250 employees was targeted by at least one spear-phishing email in 2013. 1 Your network is your business infrastructure s nerve center, affecting virtually every area of operations. Enhancing your business network security and resiliency requires careful planning and good everyday practices that will involve strong policies and partners, as well as employee training. While the myriad threats from hackers, malware and other areas may seem daunting, you can take steps to help protect your network. While the myriad threats from hackers, malware and other areas may seem daunting, you can take steps to help protect your network. Protecting Your Business Network 1
Awareness Is Power: Evaluating the Threats In order to help protect your network, it s important to understand the threats to your business in an objective way without being alarmist or assuming they could never affect your company. Threats may be internal or external. In addition, your business may face risks as a result of compliance issues or the fallout from business interruption. Internal threats Threats to your network may routinely come from inside your organization. They may include: Employee errors Lax data protection and inappropriate employee access Bring your own device (BYOD) breaches and virus threats Poor passwords Failure to follow security protocols. External threats These are the common threats that we typically think of when we discuss cyber security, including: Malware Regulatory Compliance Many sectors face regulatory compliance requirements. Ensuring that your company is adhering to these compliance issues and properly reporting to the appropriate agencies is an important step toward mitigating risk, especially those related to data breaches or other online threats. Business Continuity The financial threats to your business can be extreme if your network goes down. One source estimates that unplanned downtime can cost some businesses an average of $5,600 per minute. 2 Confirming that your network, data and applications have appropriate backup and redundant systems is essential to ensure your business will keep running, regardless of any security or other threat. Confirming that your network, data and applications have appropriate backup and redundant systems is essential to ensure your business will keep running, regardless of any threat. Hackers Phishing Botnets DOS/DDOS server attacks Protecting Your Business Network 2
Protecting Your Business Once you have a clear understanding of the threats and risks, it s time to begin making a plan for key investments of time and resources that will protect your network. By taking some straightforward, practical steps, you can mitigate the risks to your business. Create and communicate clear internal policies. Employees should understand the protection measures they need to take when accessing data, whether within the organization or on their own devices. For example, the company should set parameters regarding accessing inappropriate websites, strengthening passwords and use of USB drives, which can all be key access points for breaches. Use the right tools. A variety of popular tools can help you manage the threats your business faces. Virus protection packages and intrusion detection systems (IDS) or intrusion detection and protection systems (IDPS) help you identify when someone has inappropriately breached the network. In addition, firewalls can offer good protection as a gatekeeper of traffic coming into your network. It s also critical to have a practice of regularly updating security platforms and software. Ensure redundancy. Whether you re managing your network in-house or outsourcing services, you need to ensure that you have appropriate backup and secondary systems for business continuity. For example, if your community is hit by a massive storm, it s possible that your local network may be down for some period of time and employees may not even be able to get to work. How will your provider ensure that your network gets back up and running as fast as possible? Proper data back-up, security and redundancy plans ensure that if your network is affected by attack, disaster or other interruption, measures are in place to maintain continuity of operations. Use data encryption. Many companies overlook this basic element to protect data. Work with your IT provider to ensure that your data is encrypted, meaning that it is transformed so a third party cannot read it. Typically, your provider can help you find solutions that work appropriately for your company. Have a solid plan. As you craft your continuity plan, walk through the various threats and risks your business faces, as well as the data, functions and platforms your employees will need. Spell out your action plan for each potential interruption or problem. Include how employees are expected to continue business operations in case of an emergency, even if they are not able to get to the office. By taking some straightforward, practical steps, you can mitigate the risks to your business. Protecting Your Business Network 3
Choose the Right Partners As you make important decisions about your network management, you may choose to outsource some or all of your network functions and security. Evaluate prospective partners carefully by taking these steps. Ask key questions. You have questions. Your service provider should have ready answers. Among the questions you ll need to discuss are: What am I getting for my investment? How can you help me achieve my business goals? What security measures do you have in place to protect my data and systems? What redundancies and other measures do you employ to ensure business continuity? Evaluate cost vs. opportunity. In some cases, it s less expensive to outsource your network needs, while in other cases it makes sense to maintain some of the maintenance and service in-house. Evaluate the cost for both. Be sure to consider the possibility of down time if you maintain systems in-house and do not have appropriate redundancies. Look at the network particulars. When it comes to determining that your network is going to be there when you need it, it s important to understand whether your provider operates its own network or is reselling someone else s network, thus giving it less control over systems and continuity. For example, many Competitive Local Exchange Carriers (CLECs) resell the same last mile network service offered by the Incumbent Local Exchange Carrier (ILEC). As a result, an ILEC outage may affect customers of several CLECs as well. Ensure disaster recovery systems are in place. Companies should expect that their service providers have offered disaster recovery options, such as network diversity and resiliency, a proactive and responsive Network Operations Center (NOC), as well as an agreed-upon plan of restoration to services. Understand your service. Your IT partner should provide service guarantees and have a history of addressing customer service issues appropriately. How can you be sure about the method of addressing network issues and the timeliness of the provider s response? Having a robust business continuity and security plan is an often-overlooked, but essential component of a strong business. Protecting Your Business Network 4
Planning Protects Your Business Having a robust business continuity and security plan is an often-overlooked, but essential component of a strong business. By taking steps to evaluate and mitigate threats before they happen, you can help protect your business from avoidable losses and can focus resources on growth. About the Author Carl J. Noblitt is a Commercial Sales Engineering Manager with Spectrum Enterprise in Texas. During his 30-year career, he has held a variety of positions in Engineering, Design, Solutions Architecture, Marketing and Sales Management at Spectrum, XO, Verizon Business, ADC Telecommunications, PageNet, MoneyMaker EFT Services, and NetSolve (Cisco). About Spectrum Enterprise Spectrum Enterprise, a division of Charter Communications, is a national provider of scalable, fiber-based technology solutions serving many of America s largest businesses and communications service providers. The broad Spectrum Enterprise portfolio includes Internet access, Ethernet access and networks, Voice and TV solutions extending to Managed IT solutions including Application, Cloud Infrastructure and Managed Hosting Services offered by its affiliate, Navisite. Our industry-leading team of experts works closely with clients to achieve greater business success by providing these right fit solutions designed to meet their evolving needs. For more information, visit http://enterprise.spectrum.com. 1 Symantec, 2014 Internet Security Threat report, p. 18., http://www.symantec.com/content/ en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf 2 Emerson Network Power, Understanding the Cost of Data Center Downtime: An Analysis of the Impact of Infrastructure Vulnerability, pg. 6. 2016 Charter Communications. All Rights Reserved. Not all products, pricing and services are avilable in all areas. Pricing and actual speeds may vary. Restrictions may apply. Subject to change without notice. Protecting Your Business Network 5