The 9 Most Vital Network Security Best Practices

Updated June 14, 2021.

An old truism suggests that an ounce of prevention is worth a pound of cure. While this saying is relevant in most aspects of daily life, it becomes especially appropriate when applied to business network security.

Data Dangers

Thanks to the internet, individuals, businesses and computer systems can now share sensitive data among one another more easily than ever before, but there’s a downside to this near universal connectivity: network attacks are becoming more and more prevalent. According to a recent PwC Global Economic Crime Survey, 32 percent of organizations have experienced illegal data breaches, making cybercrime the second-most reported economic crime in the world.¹ At the same time, IBM reports that within the U.S. the average data breach ends up costing the targeted business approximately $7.35 million dollars.²

Attacks, moreover, are becoming more frequent.

With so many threats and so much at stake, even the best network practices for security teams are struggling to keep up. The good news is that there are measures you can take to protect your business against the range of cybersecurity dangers that threaten it. We’ve compiled them into a single list of nine network security best practices. Read on to see how with a little prevention you can optimize your network security plans.

Checklist: The 9 Network Security Best Practices

1. Maintain your software
   

   Network attacks are evolving, and yesterday’s solutions may not be enough to counter tomorrow’s threats. This is why one of the most essential — yet most basic — network security best practices is keeping your antivirus software current. Effective, up-to-date virus software will incorporate tested solutions to some of the most recent known exploits. As such, software updates should be installed immediately as they become available. The most effective antivirus options can protect you in over 90 percent of instances.³ However, no single solution is fool proof, and as threats become more advanced, ongoing antivirus audits and supplemental systems are becoming just as important as installing the latest patches.

2. Make visibility your top priority

   We tend to view our networks as walled fortresses trying to repel incoming enemy attacks, but in truth sometimes it’s the people inside the walls who are the bigger danger. Nearly 75 percent of all data breaches⁴ are a direct result of insider threats — and of those threats, 68 percent can be attributed to employee or contractor negligence⁵ (only 22 percent of insider threats are intentional). The solution? Improved network visibility. Constantly monitoring users within your network may be the single-most important security policy you adopt.⁶ After all, if you can’t see it, you can’t secure it. By tracking internal network use, you can improve your situational awareness and see what actions may be compromising your network security. You can then move to correct those actions before they turn into something more serious.

3. Keep a close eye on user permissions

   This network security best practice can sometimes be overlooked. While unintentional insider threats may be the more widespread problem, intentional ones — where authorized users attempt to steal valuable data — can still cause major damage. In many cases, these kinds of attacks happen as a result of disgruntled employees (or former employees) using their network permissions to access sensitive information. Most businesses have different levels of privileged users but giving anyone access to everything is a huge risk. Never allow any of your users the authorization to security logs and be sure to provide and enforce network-use guidelines for anyone with permission to access network data. Also, be aware of the dangers of BYOD and IoT devices connecting to your network, as these devices can also carry malicious programs or lead to data being taken off premises.

4. Use a reliable network packet broker to send the right traffic to the right tools

   When it comes to network security, we sometimes err on the side of caution. For example, even though certain tools are designed to be more effective with certain kinds of traffic, many organizations still send all of their network traffic to all of their security tools. Unfortunately, with network speeds, data volume and the number of business applications all increasing, security tools are being pushed beyond the capacity they are built to handle. This increases cost while also slowing down business applications and, ironically enough, leaving networks more open to attack. A much better solution is to give your security tools access to only the traffic they need to analyze, while preventing access to the traffic they don’t need to see. A next generation network packet broker, purpose built for security solutions, can provide traffic intelligence features such as metadata, application session filtering, SSL decryption, masking and more to ensure that appropriate traffic is being optimally routed to inline and out of band security tools. This not only improves network security, but also allows for faster application and network performance.

5. Stay compliant

   Your organization isn’t the only one that wants to keep your network safe from intruders. Users have a vested interest in ensuring that their sensitive data is kept out of malicious hands, and that means that the government is likewise interested. Federal and other government rules exist to help ensure data security, and businesses and other organizations are expected to comply. Regulations (such as HIPAA, ISO and PCI DSS) may seem like an extra hassle, but they provide a number of reliable network security best practices around policies and procedures that can keep you customers and your business, safe. If you want to keep your network secure, don’t let your compliance slip.

6. Establish a security policy

   Speaking of regulation and policy, sometimes setting clear expectations and guidelines for your employees can mean the difference between secure and unsecure networks. This will help network users better recognize what is, and what is not acceptable user behavior. Perform a network security risk analysis and see what areas your policy most needs to cover. Of course, guidelines are only useful when employees internalize them. Given the massive amounts of employee onboarding most organizations put their new hires through, it’s not surprising that many employees fail to do more than give network security policies more than a cursory glance. To make sure that employees are contributing to network security, provide ongoing security-policy training, including what to do in real-life situations. Also, keep a security policy expert on hand, so that when users need further clarification they have someone they can go to.

7. Always back up your data

   One important thing to remember about digital information is that it can be copied. This means that at any given point in time, your organization can create a backup — essentially a detailed snapshot — of your network data. By then maintaining that data separate from the rest of your network, you’ll have a recent version of your data to fall back on in the event of a damaging cyberattack. Despite this, only about half (51 percent) of businesses keep a data backup, and only 36 percent of enterprises back up their business data completely. Be sure to regularly back up your entire network, so that no single breach has the capacity to completely obliterate the information your company depends on.

8. Don’t forget about third-party users

   Many businesses outsource to third-party contractors, and that often means that those contractors need some level of access to the organization’s network. That said, if internal employees represent a major threat to your network security, then third-party users are at least as dangerous. Allowing third-party contractors network access increases the number of system access points, and in turn creates more potential entry locations for malicious attacks. If you work with contracted employees or agencies, never allow them more data access than is absolutely necessary. At the same time, carefully evaluate any contractors before you commit to work with them. If they are compliant with regulatory requirements, and if they follow effective security policies, they’ll be less likely to turn into a liability.

9. Educate your users

   Network security best practices can help you create an effective plan of defense for your vital data, but if your users aren’t doing their part, then your network will always be vulnerable. This means that if you want to secure your data, you need to secure the users who access it. Train your employees on how to recognize and report specific threats, create strong passwords, and use and access data correctly. Your security best practices are only as good as those who follow them. Educate your employees on how to protect your network, and you’ll have another reliable line of defense between your data and the threats that could compromise it.

Prevention Is Always the Best Network Security Plan

By the time you discover that your organization has suffered a data breach, the damage will have already been done. This is why it’s so important to prepare ahead of time with these nine network security best practices. After all, an ounce of prevention is worth far more than a pound of cure.

To help your organization develop an effective security posture to deal with any threat that comes your way, check out Gigamon intrusion prevention solutions, and secure the network data that supports your business.

Citations

1. https://www.pwc.com/gx/en/economic-crime-survey/pdf/GlobalEconomicCrimeSurvey2016.pdf
2. https://www.ibm.com/security/data-breach
3. https://www.csoonline.com/article/3215866/best-antivirus-software-14-top-tools.html
4. https://securityintelligence.com/news/insider-threats-account-for-nearly-75-percent-of-security-breach-incidents/
5. https://dtexsystems.com/2017-insider-threat-intelligence-report/
6. https://www.gigamon.com/resources/resource-library/video/vi-why-visibility-matters-in-every-security-strategy-1046.html