WatchPoint Security Blog

Top 4 No-Cost Ways to Secure Your Network

Written by Greg Edwards | March 01, 2016

Cyber criminals go after the easiest targets.  Make your system as hard of a target as possible with these easy to implement suggestions.  The list below assumes you have a firewall and Anti-Virus (AV) in place.  Do not rely solely on a firewall and AV - this leaves your network at about a 90% chance of getting hacked.

#4 - Secure Wireless Devices

Most companies offer wireless access for their employees and their guests. It’s very important to make sure that your corporate wireless is segmented from the guest wireless. After all, you don’t want your guests to have any access to your company files.

A wireless router can typically offer a separate VLAN for guest networks. A separate VLAN will make sure that your guests cannot see your employees and that your employees cannot see your guest’s data and activity.

Also, make sure that the wireless network is using encryption and that the password is not something simple and easy to guess. Passwords that contain a company’s phone number, fax number, or address are examples of what not to use.

#3 - Don’t Use Default Passwords

Default passwords for routers, firewalls, and wireless access devices are well known and well documented (http://www.defaultpassword.com/). And that’s just one example. Many websites have this information documented, including the manufacturers. Leaving this information the same as when it left the manufacturer opens you up to a potential compromise. A compromise from one of these Internet devices could allow an attacker to intercept and read all traffic moving in and out of your network.

#2 - Enforce Password Complexity, Password Expiration and Lockout Policies

Set a password expiration policy to force expiration every 30-60 days.  This forces users to change their passwords often and helps to prevent them from using the same password they set for their Facebook, NetFlix, LinkedIn, and every other online account they have.  160,000 FaceBook accounts are hacked every day. 

Set account lockouts. This determines the number of times a user can incorrectly type a password before the account is locked. Brute force attacks can process billions of password combinations a second.  Three is the recommended number, but five attempts is a more realistic number that won’t cause you to be constantly resetting user’s passwords because of failed attempts.

Password complexity determines the length of the password and how many special characters and numeric characters are used. This requires users to set more complex passwords.  A random eight character all lower case password can be cracked by the average desktop computer in 52 seconds.  If the password is a dictionary word, it can be cracked almost instantly.

This article from Microsoft walks you through changing these settings on Microsoft systems: https://technet.microsoft.com/en-us/library/dn452420.aspx

#1 - Enable Automatic Operating System and 3rd Party Updates.

This should be a no-brainer, but lots of technical personnel still don't want to turn on automatic updates because of the potential problems patches can cause.  The rewards far outweigh the risks.  99.9% of data breaches in 2014 were traced back to vulnerabilities that had a patch available that was at least one-year-old.  Security patching is the number one thing you can do to protect your network from cyber criminals.

Turn on automatic updates from within Windows and enable updates in other software products like Java, Adobe, Firefox, Google Chrome and Shockwave.

Implementing these 4 strategies is a great start to securing your network.  To take your network security to the next level, look to WatchPoint to secure your network devices.

With WatchPoint's Security Solution you will:

        Know someone is securing your business.

        Have true visibility into your digital assets.

        Have a support staff dedicated to safeguarding your network.