Article | December 19, 2019

Segmenting And Segregating Your Network: Often Overlooked Tips For Keeping Businesses Safe

Source: Webroot

Let’s imagine the typical very-small-business with about 10 employees, maybe fewer. They probably use one network for everything, right? The secretary or office assistant has the same level of network access as their IT person—who may or may not just be someone’s nephew who’s pretty good with computers. Like many small businesses, they probably think this all makes perfect sense; after all, they’re too small to need anything more complicated. But then the unthinkable happens: the office assistant gets phished. Suddenly, network credentials for the whole business are up for grabs to cybercriminals.

Situations like this happen all the time, but the truth is: they’re not that hard to prevent. If you’re an MSP or small to medium-sized business, you should be thinking about access privileges, especially as they relate to networks. And the more sophisticated cyberattacks become, the more important it is for you to take advantage of all the security steps you could possibly have in your arsenal—especially the easy ones. Network segmentation and segregation are two of the easiest ways to help protect businesses from the spread of malware.

Modern network demands

If you’ve been in IT for more than a couple years, then you’ve already seen the concept of the “business network” evolve before your eyes. To protect your business and customers, you need a firm grasp on these changes. Here are a few examples of processes and technologies that have drastically changed the way we work:

  • Bring Your Own Device (BYOD): 67% of employees report that they use personal devices for work-related activities. Plus, more and more employees are working remotely, either on the go, or in home offices or shared work spaces. These phenomena raise important questions, such as: should your business separate network access on different types of employee devices?
  • The Internet of Things (IoT): More devices connect to the internet each day. That means there are constantly more unsecured devices available, creating an even broader attack surface for today’s cybercriminals. (In case you’re curious about the actual numbers—in 2009, there were 900 million connected “things”. Today, that number has hit over 14 billion! Gartner predicts there will be 25 billion IoT devices by 2025.)

You need more than a firewall

If your servers, printers, and other corporate devices sit behind a firewall, you’re on the right track, but you’re not done yet. There are plenty of cyberattacks that are designed to circumvent regular security measures like firewalls. Many attacks originate at the user/endpoint layer (e.g., through phishing), which is why endpoint protection is crucial in addition to firewalls. Also, some networks may require an additional DMZ (demilitarized zone), which sits behind the outward-facing firewall and protects the local area network.

Here’s the bottom line. Having all unsecured devices attached to one network massively increases the risk of a critical attack and its ability to spread. Even with firewalls, the network isn’t fully protected. However, if you divide a network into multiple, smaller sub-networks, it not only makes it more difficult for attackers to meet their goals; it can also help you identify and address threats earlier in the attack lifecycle. As an added bonus, network segmentation can even help businesses meet certain regulatory compliance requirements (for example, some regulatory standards like PCI DSS require that payment systems be kept separate from the rest of the network).

Simple network security tips

Implementing network segmentation and segregation doesn’t have to be a huge lift. Here are a few easy tips for success:

  • Deploy reliable endpoint detection and remediation services on all devices.
  • Set up network devices to deny access to untrusted apps and websites.
  • Restrict access to keep corporate resources separate from BYOD.
  • Ensure any guest and WiFi networks can’t access sensitive network resources or data.
  • Require that any new, unknown, or guest devices use a separate guest network with limited access.
  • Set up a DMZ firewall.
  • If possible, use physical network segmentation.
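
One way to check that a firewall rule set actually enforces the guest and BYOD separation described in these tips, as an added example that is not from the original article or from Webroot. The subnets, segment names, and rule sets are constructed assumptions, and rules are modelled as first-match-wins with a default deny.

```python
import ipaddress as ip

# Constructed addressing plan (an assumption): one IPv4 subnet per segment.
SEGMENTS = {
    "corp": ip.ip_network("10.0.10.0/24"),   # servers, printers, staff PCs
    "byod": ip.ip_network("10.0.20.0/24"),   # personal devices
    "guest": ip.ip_network("10.0.30.0/24"),  # visitors and unknown devices
}
# Flows the tips rule out, as (source segment, destination segment).
FORBIDDEN = [("guest", "corp"), ("byod", "corp")]

# Constructed rule sets: (action, source CIDR, destination CIDR).
FLAT = [("allow", "10.0.0.0/8", "10.0.0.0/8")]  # one network for everything
SEGMENTED = [
    ("deny", "10.0.30.0/24", "10.0.0.0/8"),    # guest: no internal access
    ("deny", "10.0.20.0/24", "10.0.10.0/24"),  # BYOD kept off corporate hosts
    ("allow", "10.0.0.0/8", "0.0.0.0/0"),      # everything else
]


def narrow(a, b):
    """Intersection of two CIDR blocks (always nested or disjoint), or None."""
    if not a.overlaps(b):
        return None
    return a if a.prefixlen >= b.prefixlen else b


def audit(rules):
    """Return (rule index, src segment, dst segment) for every allow rule
    that opens a forbidden flow. Rules are first-match-wins, default deny.
    Conservative: an allow counts as shadowed only when one single earlier
    rule covers all of the traffic it would pass between the two segments."""
    parsed = [(a, ip.ip_network(s), ip.ip_network(d)) for a, s, d in rules]
    findings = []
    for src_seg, dst_seg in FORBIDDEN:
        for i, (action, rsrc, rdst) in enumerate(parsed):
            s = narrow(rsrc, SEGMENTS[src_seg])
            d = narrow(rdst, SEGMENTS[dst_seg])
            if action != "allow" or s is None or d is None:
                continue
            if not any(s.subnet_of(ps) and d.subnet_of(pd)
                       for _, ps, pd in parsed[:i]):
                findings.append((i, src_seg, dst_seg))
    return findings


if __name__ == "__main__":
    for name, rules in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, audit(rules))
```

The same rules in a different order can fail the audit: a broad allow placed ahead of the denies reopens both forbidden flows, which is the usual way a segmented design quietly becomes flat again.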

Next steps

Learn more about how to lock down your business’ security in this video on reinforcing your network:

You can also start a free Webroot protection trial and see for yourself how these integrated, cloud-based solutions can help you prevent threats and maximize growth: Endpoint Protection | DNS Protection | Security Awareness Training.
