Global spending on information security exceeded $7 billion last year, but that doesn’t mean your business has to spend large sums of money on a secure network infrastructure.
According to a recent Kaspersky Lab survey, the average IT security budget among large enterprises is about $3.35 million. For the small-to-midsized business (SMB), that figure is unimaginable. So, in a world swarming with cyber-threats, how can any SMB secure its IT network without spending itself out of existence?
Here are some tips on how any organization can bolster its network security on even the slimmest of IT budgets, including:
- Start with an expert assessment
- Strengthen your firewall
- Segment your network
- Establish a strong password policy
- Patch and update frequently
- Remote backup
Read on to learn about how you can implement each of these tips to achieve a solid IT infrastructure and increased network security.
1. Start With an Expert Assessment
Get a professional, objective evaluation of your firm’s current IT infrastructure, your company’s needs, and your enterprise’s resources, both financial and intellectual. A consultation with a trusted managed services provider, or MSP, is a good place to start. Recommendations from a professional MSP, one that is brand agnostic and fully understands your enterprise’s core mission, are an extremely cost-effective way to design solutions that are within your budget.
By taking a comprehensive approach in assessing your company’s total IT security environment, an MSP will consider both your firm’s security culture and your strategic assets. This will help you set your own security policies that should be adhered to throughout your organization, and eliminate any weak links in the security chain.
2. Strengthen Your Firewall
As a first line of defense against cyber intruders, the firewall is critical. Pre-installed firewall software that comes on most new computers is just not strong enough to protect business networks.
For a relatively small investment, you can layer on an additional enterprise-class firewall that provides added security features such as:
- Internet and bandwidth filtering
- Gateway antivirus
- Gateway antispyware
- Intrusion prevention
This is an affordable security solution often referred to in the IT security industry as unified threat management (UTM).
3. Segment Your Network
The installation of a business-class firewall with Internet filtering will stabilize your bandwidth and allow for network segmentation or segregation. This will really beef up your security capabilities by enabling you to keep hackers from compromising your entire network if they breach any part of the system. Basically, it's like watertight compartments on a large ship that can be locked down to prevent one hole in a ship’s hull from filling the entire vessel and sinking it (Titanic, anyone?).
A well-segmented network perimeter will allow for the design and implementation of network modules or DMZs based on your organization’s needs and resources. For example, you may have a research and development (R&D) division and a payroll department, neither of which needs access to the other’s network. Separating division networks both reduces the potential for inside abuse and limits any damage if someone gains unauthorized access to any one network segment.
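One way to confirm that the R&D and payroll segments really are isolated is to review the firewall's allowed flows against the segmentation policy. The following is an added example, not part of the original article; the subnets, the allowed segment pairs and the log format are all constructed for illustration.

```python
from __future__ import annotations
import ipaddress

# Assumed addressing plan (constructed for this example).
SEGMENTS = {
    "rnd": ipaddress.ip_network("10.10.0.0/24"),
    "payroll": ipaddress.ip_network("10.20.0.0/24"),
    "dmz": ipaddress.ip_network("10.30.0.0/24"),
}
# Segment pairs allowed to talk; any other cross-segment flow is a violation.
ALLOWED = {("rnd", "dmz"), ("payroll", "dmz")}

# Constructed firewall log lines: source, destination, port, action.
SAMPLE_LOG = """\
10.10.0.15 10.30.0.5 443 ALLOW
10.10.0.22 10.20.0.8 445 ALLOW
10.20.0.8 10.20.0.9 3389 ALLOW
10.20.0.40 10.10.0.15 22 DENY
10.20.0.41 10.10.0.3 5432 ALLOW
"""


def segment_of(addr: str) -> str | None:
    """Return the name of the segment containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def violations(log_text: str) -> list[tuple[str, str, str, int]]:
    """List permitted flows that cross segments without being in ALLOWED."""
    found = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        src, dst, port, action = parts
        src_seg, dst_seg = segment_of(src), segment_of(dst)
        if action != "ALLOW" or src_seg is None or dst_seg is None:
            continue  # blocked flows and unknown hosts are out of scope here
        if src_seg != dst_seg and (src_seg, dst_seg) not in ALLOWED:
            found.append((src_seg, dst_seg, dst, int(port)))
    return found
```

Any entry returned by `violations(SAMPLE_LOG)` points to a firewall rule that lets one division reach another and should be reviewed.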
4. Establish a Strong Password Policy
In my opinion, implementing a strong password policy provides more bang for the buck than any other low-cost security step. Publish your password policy and enforce it. Although most passwords can, with enough time and effort, eventually be cracked, strong passwords are a major deterrent to cyber-crime. Hackers have tools that seek out weak passwords and move on when faced with complex ones.
Here are some password guidelines to consider:
- Password minimum length of 8 to 10 characters
- Case-sensitive passwords
- A minimum of one lowercase letter
- A minimum of one number
- At least one special character, such as an exclamation point, hash tag, or dollar sign
- Passwords should expire once every 60 days, with reminders issued at least two weeks in advance
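The guidelines above can be enforced in code rather than left to a published document. The following is an added example, not part of the original article: it checks a candidate password against the listed rules and classifies accounts by password age. The minimum length of 10 (the upper end of "8 to 10"), the account names and the dates are assumptions made for illustration.

```python
from __future__ import annotations
import string
from datetime import date, timedelta

# Values from the guidelines above; MIN_LENGTH assumes the upper end of
# "8 to 10". Case sensitivity is a property of the login system, not checked here.
MIN_LENGTH = 10
MAX_AGE = timedelta(days=60)
REMINDER_WINDOW = timedelta(days=14)


def complexity_failures(password: str) -> list[str]:
    """Return the guideline rules a candidate password does not meet."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no number")
    if not any(c in string.punctuation for c in password):
        failures.append("no special character")
    return failures


def expiry_status(last_changed: date, today: date) -> str:
    """Classify a password as 'ok', 'remind' or 'expired' by its age."""
    expires_on = last_changed + MAX_AGE
    if today >= expires_on:
        return "expired"
    if today >= expires_on - REMINDER_WINDOW:
        return "remind"
    return "ok"


def audit(accounts: dict[str, date], today: date) -> dict[str, str]:
    """Map each account needing action to 'remind' or 'expired'."""
    statuses = {user: expiry_status(d, today) for user, d in accounts.items()}
    return {user: s for user, s in statuses.items() if s != "ok"}


# Constructed sample data: account name -> date the password was last set.
SAMPLE_ACCOUNTS = {
    "payroll-clerk": date(2024, 1, 2),
    "rd-engineer": date(2024, 2, 20),
    "office-admin": date(2024, 1, 20),
}
```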
5. Patch and Update Frequently
Attackers are getting very good at exploiting known vulnerabilities, but if your systems are properly patched, there will be nothing to exploit. Patching and updating is an ongoing process that must be performed on a regular basis. Regularly update all system software applications on all enterprise devices (servers, computers, laptops, and all mobile devices). For third-party products, apply updates as soon as they are released. Be vigilant, because not all products receive patches and updates via automatic download.
6. Remote Backup
Regularly scheduled remote backup and encryption are affordable insurance in case your data is compromised. By utilizing either an inexpensive cloud storage option or a remote hosted solution, you guard against both cyber threats and loss resulting from a physical disaster such as fire or flood.
All of these system configuration recommendations can be implemented easily, and they take into consideration the budget constraints of the small-to-midsize enterprise.