The evolution of communication systems and of devices such as laptops, mobile phones and tablets gives us a versatility and freedom never seen before.
Being able to access our own or third-party resources from anywhere, at any time of day, has brought new risks with it, and for IT specialists those risks mean even tighter control of devices and communications. Having specific tools to protect resources and the corporate network has therefore become vital for today’s business.
There are 4 phenomena that occur every day in your business and put your data and tools at risk. These are the measures you can take to protect yourself:
Bring Your Own Device (BYOD)
From the American-rooted term BYOB (Bring Your Own Booze), by which the guests had to bring a bottle to the party they were attending, a phenomenon has emerged that is gaining strength every day: BYOD (Bring Your Own Device). In line with this trend, each member of staff chooses and uses his or her own devices at the workplace, with which he or she accesses the company’s resources.
BYOD is a great way to make work easier, get staff more involved and improve their performance by offering greater flexibility. However, the ability to use one’s own computer or mobile phone must be coupled with measures that protect the organisation’s data at all times: for example, measures that prevent malware from spreading over the network, that limit the damage when a device holding valuable information is lost, and that stop unauthorised access from altering or deleting sensitive data.
The wireless connectivity of the different devices within the company must prevent access to information in transit by encrypting the connection, authenticating the user and authenticating the network itself. A protocol such as WPA2-Enterprise covers these three aspects. In addition, a Wi-Fi controller will be a valuable ally, giving you both greater security and greater management capacity.
Once data in transit is protected in the area closest to the user, you will have to focus on policies and protocols for accessing information within your own company. You achieve this by implementing rules that grant and deny users the permissions they need, assign users to the appropriate networks, and control which resources on each network they can reach.
To cover the possible loss of a device, the use of web applications is recommended, where both the information and the application reside on a secure web server (physical or in the Cloud). All connections are secured and encrypted via HTTPS (SSL/TLS), so that the device you connect with never itself contains the information you are working with.
As a company expands, the need arises to locate different branches in different geographical locations, often hundreds of kilometres apart. These workplaces still require fluid communication between staff, who in many cases develop projects together as if they were in the same office.
To connect teams and people in distant places, there are MPLS networks, which unify all the work centres as if they were one. People can access any resource of the organisation regardless of its actual location, and the whole company behaves as a single office.
It is essential to add an extra layer of security to MPLS to make connections more robust. Be aware that if you receive an unexpected “traffic injection”, such as a denial of service (DoS or DDoS) attack against your public IP, you may run out of available bandwidth. This will result in a drop in communications, which means a loss of staff time.
Perimeter security protects you against unexpected events such as a denial of service (DoS or DDoS) attack. It adds stability and prevents communications from being slowed down, because it mitigates external attacks that could otherwise bring communications to a complete halt. Your ISP will ensure that this attack traffic is blocked before it is delivered to your line, so the company does not stop.
Giving your visitors access to the Wi-Fi network is an unavoidable act of courtesy; it is very practical for your clientele or guests when they need Internet access for professional purposes. This way, you spare your visitor the hassle of tethering or, if they come from a foreign country, of paying for expensive connections with their mobile operator.
Having a network for guests will allow you to protect your information from access by unauthorised persons. In addition, there will be no visibility between these devices and those of the organisation itself.
A Wi-Fi controller, combined with segmentation of your network infrastructure into different zones by means of different VLANs, are the two essential elements that help you differentiate and control access and protect the different networks.
Segmentation provides security by isolating one kind of traffic from another, avoids congestion by separating broadcast domains, and increases efficiency because no network is affected by another’s bandwidth and processing consumption. All this gives you the stability that every company needs.
Access from the outside
Remote working is here to stay. In fact, more than 90% of companies are confident that the benefits of distance working outweigh the risks involved. Thus, although there has been a recent increase in cybersecurity incidents where the main cause has been remote access, the trend continues.
To protect your corporate network, you should avoid exposing services through open “listening ports” on the perimeter. If access to company resources is required from a device that may be located anywhere, you should ensure that all connections are made via an SSL VPN, which provides both simplicity and security. These connections are established up to the company’s own firewall, which negotiates them, encrypts the communications and applies the access policies for each user.
SSL VPN connections provide an encrypted tunnel. They also make it possible to provide those resources that each user needs to work with and restrict others from the firewall itself.
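A practical way to check the "no listening ports except the VPN" advice is to inventory what is actually listening on a host and compare it with an allowlist. The following is an added example, not code from the original post: it parses `ss -Hltn`-style output (the lines below are constructed for the example, not captured from a real host) and reports every TCP listener reachable from the network whose port is not allowlisted. The assumption that the SSL VPN answers on TCP 443 is an example value; substitute the port your firewall actually uses.

```python
"""Listening-port exposure check (added example, constructed sample output).

Parses lines in the layout of `ss -Hltn` (State, Recv-Q, Send-Q,
Local Address:Port, Peer Address:Port) and flags TCP services that are not
bound to loopback and are not on the allowlist of ports that may face the
network. The only listener expected on the perimeter is the SSL VPN endpoint.
"""
from dataclasses import dataclass

ALLOWED_EXTERNAL = {443}  # assumed SSL VPN listener; nothing else should face the network

# Constructed sample in the layout of `ss -Hltn`; not output from a real host.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128   0.0.0.0:22      0.0.0.0:*
LISTEN 0 4096  0.0.0.0:443     0.0.0.0:*
LISTEN 0 128   127.0.0.1:5432  0.0.0.0:*
LISTEN 0 128   [::]:3389       [::]:*
LISTEN 0 128   10.10.0.5:445   0.0.0.0:*
"""


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int

    @property
    def loopback_only(self) -> bool:
        return self.addr == "[::1]" or self.addr.startswith("127.")

    @property
    def all_interfaces(self) -> bool:
        return self.addr in ("0.0.0.0", "[::]", "*")


def parse_ss(text: str) -> list:
    """Turn ss-style lines into Listener records; non-LISTEN lines are skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)  # '[::]:3389' -> ('[::]', '3389')
        listeners.append(Listener(addr, int(port)))
    return listeners


def exposed_listeners(listeners, allowed=ALLOWED_EXTERNAL) -> list:
    """Listeners reachable from the network whose port is not allowlisted.
    A service bound to one interface is still reported: it is reachable
    from that network even if it is not bound to all interfaces."""
    return [l for l in listeners if not l.loopback_only and l.port not in allowed]


def report(listeners) -> list:
    """Human-readable findings, most serious (all interfaces) first."""
    findings = []
    for l in sorted(exposed_listeners(listeners), key=lambda x: not x.all_interfaces):
        scope = "ALL interfaces" if l.all_interfaces else f"interface {l.addr}"
        findings.append(f"port {l.port} listening on {scope} is not on the allowlist")
    return findings


if __name__ == "__main__":
    # In real use: feed the output of `ss -Hltn` instead of the sample.
    for line in report(parse_ss(SAMPLE_SS_OUTPUT)):
        print(line)
```

Run the same check on the firewall's external interface and on each server that remote workers reach through the VPN; anything it reports is either a service that should be moved behind the VPN or an allowlist entry that needs a documented reason.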
How can I further secure my corporate network?
For greater protection of networks where you need to work with equipment that is not managed and controlled by the company or work with connections from remote devices, there are Next Gen solutions from companies like Sophos. These tools offer extra security through their network devices. They also have protection technologies such as Deep Learning to detect as yet unknown threats or to isolate compromised systems automatically and effectively.
A solution with MDM Endpoint Security software such as Intercept X, installed on end computers, will give you a higher level of security than traditional anti-virus software. This software can complement your antivirus or even replace it. It uses Artificial Intelligence to intercept malware and ransomware exploits before they reach your corporate network.
An endpoint security solution will help you manage all your devices in a unified way without the need for direct intervention on them. This is because it provides you with a portal with an intuitive interface through which you can carry out the necessary tasks for managing applications, content, encryption and remote wiping in the event of loss or theft. In this way, you will be able to guarantee the security and integrity of each end device to protect your network and information. Through this type of solution you will also receive alerts in case a device is compromised. In this way, you will have the possibility of taking the appropriate measures or revoking the access of the device to the company’s resources.
Using these types of cybersecurity solutions for endpoints will allow you to minimise risk and guarantee the continuous operation of your organisation, whatever threat may arise, using the latest and most advanced techniques. All this without taking away the staff’s freedom to choose which devices to use, how to connect and where to work from.