How to secure your network from the inside
11th Oct 2013 | 11:49
Security breaches are often caused by your own employees
An increasing number of cyber incidents are caused by employees falling for phishing emails or clicking on malicious links online.
At the same time, many businesses are not adequately protected, with some not taking the most basic steps to secure their networks from the inside.
But protecting yourself is as easy as installing adequate antivirus software, alongside monitoring tools to track your network and employees' use of it.
These monitoring tools are often free, and can show up employees who aren't pulling their weight, as well as helping to prevent attacks.
The tools are easy to use; once the software's up and running it's fairly self-explanatory, allowing you to see which PC accesses particular content.
It's best to start by working out an acceptable company policy. Excessive monitoring can be detrimental to morale, so you need to strike a balance between protecting your company and considering your employees.
Network monitoring fits into a 'holistic' security strategy, experts agree. But because it deals with employees' network use, it also comes under HR.
It's OK to monitor your staff, as long as you tell them you are going to do it, says Daniel Foster, Director at SMB 34SP.
As part of its employee handbook, 34SP has a policy to warn employees that it can monitor activity. "We tell staff that we will not look at the content of emails, but the time spent on them," Foster explains. "It makes a better work environment to trust your employees."
The company uses Barclays Business Manager by Clearly Business for working out its employee policy, costing between £15 and £20 a month. The firm, which also hosts email itself, uses a custom internal tool to monitor communications. On top of this, it has deployed a Kaspersky antivirus solution, which protects the wider environment by intercepting email and web pages.
Antivirus protection is an important part of keeping secure internally, and each individual machine should be secured. "A decent antivirus suite will do the basic firewall as well," says Foster. "For a small business that's a really great solution."
A monitoring policy should make it clear what employees are, and are not, allowed to do, says Chris Nation, Commercial Manager, Europe at Mako Networks, which provides security solutions aimed at SMBs. "Employees have to accept that if you are using the company's network and infrastructure, then within reason the company has a right to monitor, as long as it's presented ethically."
It's also important to include reporting for visibility, Nation says, adding that vendors such as Mako Networks offer an option to monitor emails, identifying spam and phishing emails which can then be quarantined.
Web monitoring products sit on a manager's machine and search the network. SMBs can also use a proxy server to monitor activity. Using the proxy, a firm can take steps such as banning Facebook access other than at lunchtimes, for example. "It just needs someone to read the reports that come out of the proxy," says Foster. "Some will be IP addresses; or it will be tied to users of the network, so you know who's using it."
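Reading the proxy reports can be automated. The Python example below is added here for illustration and is not from the article or any vendor named in it; it counts requests to a restricted site outside lunchtime, keyed by user name where the proxy logged one and by IP address otherwise. It assumes Squid's native access.log layout, UTC timestamps and a 12:00 to 14:00 lunch window, and the sample log lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime, time, timezone
from urllib.parse import urlsplit

# Assumed policy values: the article only says "Facebook ... other than at lunchtimes".
RESTRICTED = ("facebook.com",)
LUNCH = (time(12, 0), time(14, 0))

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1381482900.120    210 192.168.1.23 TCP_MISS/200 5120 GET http://www.facebook.com/ alice DIRECT/31.13.64.1 text/html
1381494600.480    180 192.168.1.23 TCP_MISS/200 4096 GET http://www.facebook.com/ alice DIRECT/31.13.64.1 text/html
1381506000.015   9050 192.168.1.40 TCP_MISS/200 88211 CONNECT www.facebook.com:443 - DIRECT/31.13.64.1 -
1381507500.300     95 192.168.1.40 TCP_MISS/200 2048 GET http://intranet.example/wiki - DIRECT/10.0.0.5 text/html
garbled line the proxy never wrote
"""

def host_of(method, url):
    """CONNECT entries log 'host:port'; other methods log a full URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def is_restricted(host):
    # Match the domain and its subdomains, but not look-alikes such as notfacebook.com.
    return any(host == d or host.endswith("." + d) for d in RESTRICTED)

def out_of_policy(log_text, tz=timezone.utc):
    """Return ({user_or_ip: hits outside lunch}, number of unparseable lines)."""
    hits, skipped = Counter(), 0
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 10 or not re.fullmatch(r"\d+\.\d+", f[0]):
            skipped += 1  # report malformed lines instead of dropping them silently
            continue
        when = datetime.fromtimestamp(float(f[0]), tz).time()
        client, method, url, ident = f[2], f[5], f[6], f[7]
        if is_restricted(host_of(method, url)) and not (LUNCH[0] <= when < LUNCH[1]):
            # Prefer the authenticated user; fall back to the client IP.
            hits[ident if ident != "-" else client] += 1
    return dict(hits), skipped

if __name__ == "__main__":
    print(out_of_policy(SAMPLE_LOG))
```

The report uses only the timestamp, client and destination host of each request, not page content, which matches the kind of policy 34SP describes for email.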
Bring your own device (BYOD) is also a concern for a growing number of SMBs. Employees are bringing in their own laptops and tablets, creating extra complexity as they connect to the network. On a basic level, this problem can be mitigated by having adequate antivirus in place, but it's important to consider these extra devices.
Also, if employees are using a mobile 3G or 4G network to access data in work time, it is impossible - and unscrupulous - to monitor it. On the other hand, if staff are using the Wi-Fi network to access non-work content, they could be putting the business at risk - and slowing the network down.
"With BYOD, staff have control over the device," says Stuart Macdonald, Managing Director at IT solutions firm Seric Systems. "They hook up to the corporate network so they don't chew their own network, causing big volumes of traffic."
As you make a start on monitoring your network, basic free tools can be satisfactory, as long as you know what you are doing. Something as simple as Microsoft's Network Monitor will suffice to analyse and manage traffic.
Another option is PRTG Network Monitor, which monitors network availability and use through an easy-to-use web-based interface, with apps for iOS and Android.
Another easy-to-use product is The Dude, which monitors devices and alerts the business to any problems. Or you can use tools such as Ntopng, which sit in the background and gather network traffic, displaying network usage information and statistics within a web-based user interface.
Macdonald recommends products including IBM Guardium - "for looking at who's looking at things". He also recommends Nagios - which monitors services, applications and metrics; Splunk - a data collection and analytics platform; Capsa Free - a network analyser; and Wireshark - an in-depth inspection tool.
Whichever products you choose, network monitoring works as part of a wider security strategy. With the right policies in place, you can see where any problems are, as well as making sure your employees are using the network in the right way.