Who comes in and what goes out? Businesses that want to stay safe incorporate common-sense monitoring into their physical operations. Whether it’s a key card reader at the door or a burglar alarm that activates at night, attentive companies keep an eye on entrances and exits.
Your computer systems deserve the same close attention, which is why Start Safe recommends that you segment your network and monitor who is trying to get in and out. Based on FTC cases, closed investigations, and questions raised by businesses, the following examples illustrate the benefits of segmenting your network and monitoring the size and frequency of data transfers.
Segment your network.
Networking technology gives companies the option to connect every computer, laptop, smartphone and other device to the same network. Of course, there may be legitimate business reasons why you need to transfer certain materials seamlessly. But is there sensitive information on your network that deserves special treatment?
Segmenting your network (for example, setting up separate zones on the network and configuring firewalls to deny unnecessary traffic) can reduce the damage caused in the event of a breach. Think of it like a watertight compartment on a ship. Even if one part is damaged, the water will not flood another part of the vessel. By segmenting your network, you can minimize the damage of a leak by isolating it to a limited portion of your system.
Example: A company must maintain records containing confidential customer information. By using a firewall to separate the portion of the network containing company website data from the portion containing confidential customer information, the company segmented its network in a way that reduced the risk to sensitive data.
Example: A regional retail chain allowed unrestricted data connections between its stores, so that computers at a Tampa store could access employee information at a Savannah store, for example. Hackers detected a security vulnerability in the store’s network and exploited the “Open Sesame” feature of the company’s system to access sensitive data on the company’s network. The retail chain could have reduced the impact of the initial security breach by segmenting the network so that a weakness in one location did not put the entire corporate network at risk.
Example: A large consulting firm divided its network into sensitive and non-sensitive sides. However, the sensitive side’s credentials could be accessed from the non-sensitive side. As a result, the company undermined its segmentation efforts by making it easier for data thieves to access confidential information.
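The difference between the flat retail network and a segmented one can be checked mechanically. The following is an added example, not part of the original article: it models firewall policy as first-match zone-to-zone rules and computes which zones could reach the customer data if every allowed hop were used as a pivot. The zone names and both rule sets are constructed for illustration.

```python
from collections import deque

# Constructed zones and rule sets; they describe no real network.
ZONES = ["internet", "web", "store_tampa", "store_savannah",
         "billing_app", "customer_db"]

# Rules are (source zone, destination zone, action); "*" matches any zone.
# The first matching rule wins; traffic matching no rule is denied.
FLAT = [("*", "*", "allow")]
SEGMENTED = [
    ("internet", "web", "allow"),
    ("store_tampa", "billing_app", "allow"),
    ("store_savannah", "billing_app", "allow"),
    ("billing_app", "customer_db", "allow"),
    ("*", "*", "deny"),
]

def allowed(rules, src, dst):
    """Return True if the first rule matching src -> dst is an allow."""
    for r_src, r_dst, action in rules:
        if r_src in ("*", src) and r_dst in ("*", dst):
            return action == "allow"
    return False

def blast_radius(rules, start):
    """Zones reachable from `start` by chaining allowed hops (worst case)."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for zone in ZONES:
            if zone not in seen and allowed(rules, cur, zone):
                seen.add(zone)
                queue.append(zone)
    return seen - {start}

def exposure(rules, sensitive):
    """Zones that can reach `sensitive` directly or through pivots."""
    return sorted(z for z in ZONES
                  if z != sensitive and sensitive in blast_radius(rules, z))

if __name__ == "__main__":
    for name, rules in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, "-> zones that can reach customer_db:",
              exposure(rules, "customer_db"))
```

In the segmented policy no rule lets a store talk to `customer_db` directly, yet both stores still appear in its exposure because they can reach `billing_app`, which can. Reviewing chained paths, not only individual rules, is what keeps one compartment from flooding the next.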
Monitor activity on the network.
Another key component of cybersecurity is monitoring access, uploads, and downloads and responding quickly when issues arise. Businesses don’t need to start from scratch. There are many tools that can warn you about unauthorized attempts to access your network and detect malware that someone is trying to install on your network. These same tools can alert you if a large amount of material is transferred (leaked) from your system in a suspicious manner.
Example: A company installed an intrusion detection system to monitor ingress to its network, but was unable to monitor outgoing connections. As a result, a large number of sensitive files were transferred to unknown external IP addresses. If the company had configured its systems to flag leaks of large amounts of data and regularly monitored any flags, it might have detected the unauthorized transfers.
Example: A rogue employee decides to steal sensitive customer information. The company has the tools in place to detect when confidential data is being accessed abnormally and to alert IT staff when large amounts of data are accessed or transferred in unexpected ways. These steps make it easier for companies to catch data thieves and protect customers in the process.
Example: One company set up its intrusion detection system to flag when more than 1 GB of data was leaked to a foreign IP address. The system flagged hundreds of false positives every day. The company decided that the false alarms were too disruptive and simply turned off the alerts. It would have been better for the company to conduct further testing and calibration to address the false positive issue, rather than shutting down the system entirely.
Example: One company properly configured an intrusion detection tool to alert IT staff to unusual patterns of activity on its network. During the setup process, the company instructed the tool to send alerts to a specified company email address. The IT professional assigned to monitor this address went on long-term medical leave, and the email address was not monitored during his absence. By failing to ensure timely monitoring of alerts, the company increased the risk of breaches going undetected for an extended period of time.
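The 1 GB example above turns on calibration rather than on switching alerts off. The following is an added example, not part of the original article: it runs a fixed 1 GB outbound threshold and a baseline-aware variant over the same flow records, so the recurring large transfer stops alerting while the sudden one still does. The flow records, the internal address range and the factor of 10 are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import median

GB = 10**9
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range

# Constructed records: (day, internal source, destination, bytes sent out).
FLOWS = [
    (1, "10.0.1.5", "198.51.100.7", 3 * GB),    # nightly off-site backup
    (2, "10.0.1.5", "198.51.100.7", 3 * GB),
    (3, "10.0.1.5", "198.51.100.7", 3 * GB),
    (1, "10.0.2.9", "203.0.113.50", 20_000_000),
    (2, "10.0.2.9", "203.0.113.50", 30_000_000),
    (3, "10.0.2.9", "203.0.113.50", 4 * GB),    # sudden bulk upload
    (3, "10.0.2.9", "10.0.3.3", 5 * GB),        # internal copy, not egress
]

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL)

def daily_egress(flows):
    """Sum outbound bytes per (day, source, external destination)."""
    totals = defaultdict(int)
    for day, src, dst, sent in flows:
        if is_external(dst):
            totals[(day, src, dst)] += sent
    return totals

def fixed_threshold(flows, limit=GB):
    """The uncalibrated rule: every daily total above `limit` alerts."""
    return sorted(k for k, v in daily_egress(flows).items() if v > limit)

def calibrated(flows, day, limit=GB, factor=10):
    """Alert on `day` only if a pair exceeds `limit` and also exceeds
    `factor` times its own median on earlier days (or has no history)."""
    totals = daily_egress(flows)
    alerts = []
    for (d, src, dst), sent in totals.items():
        if d != day or sent <= limit:
            continue
        history = [b for (hd, hs, ht), b in totals.items()
                   if hd < day and (hs, ht) == (src, dst)]
        if not history or sent > factor * median(history):
            alerts.append((src, dst, sent))
    return sorted(alerts)
```

A baseline learned from history will also learn a long-running leak, so any destination it suppresses should be checked against a reviewed list of known business transfers.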
The lesson for businesses is to make life harder for hackers. Segment your network so that data “oops” don’t necessarily turn into major “uh-ohs.” Use easy-to-access tools to monitor who is entering your system and what is leaving.
Next article in the series: Secure remote access to your network