Business Cyber Security - Attention to Detail

15th Mar 2017

You’ve got a firewall.  You’re protected, right?

OK, so you’ve got a firewall.  Does this mean that your network is protected from the bad guys?

Well, that depends on the type of firewall that you have.  In a lot of cases, particularly around small and medium sized businesses, the firewall may not be that much better than the home router most people use to connect to the internet.  It will be able to handle a lot more connections and even do things, maybe like VPNs and VLANs, but it will work on very similar principles.

Your basic firewall will usually be something that you can configure to allow or deny something from getting into your network, or going out of your network, using a specific TCP or UDP port.  That’s good, right?  Unfortunately, that’s only good as long as everybody plays by the rules.

Emails: A gateway for the bad guys

Let’s take a simple example that every modern company does; sending and receiving emails.  In this modern age of business, no company can operate without email.  It is a necessary evil we must all endure.

For emails to go where their supposed to, you must allow your email system out on to the internet to push your message on to the desired recipient.  This means opening up a port on your firewall to allow your email out.  And if you ever expect to receive an email, it also means opening a port to allow the emails in.  But what is to say that data going out or coming in is actually an email?

Your email system – like everyone else’s in the world – will use one of the standard, and well known, TCP ports.  Because this is a well-known port, it means that the bad guys KNOW that this port will be allowing data in and out, and they can try to exploit this.

It’s not just emails that leave you vulnerable.  If you have a web server on your network that anyone on the internet can view, or your DNS server can be accessed from outside of your network, these will use the standard and well-known ports so that people can get to them.  And so can the bad guys.

I’m OK, all my machines have anti-virus software

Great!  All your machines should be protected by some sort of anti-virus software.  AV tools are an invaluable tool in any modern data driven business.

But here’s the hitch – that AV software is only as good as the last update.  And even then, that last update may only be seconds old, but if the supplier of the AV update hasn’t seen a particular attack, then they may not have the tools to protect you from it.

I’m not saying that getting a better firewall will stop any viruses getting through, but it will help in limiting the number of possible vectors they can use to get in.

So, what can I do to protect my network?

The Next Generation Firewall has some added features that can help protect your network and the data you store on your network.  Some of these are: –

  • Zone Protection – allows you to setup zones that you can trust and those you can’t.  Each interface on your firewall can be assigned a zone and you can say that people in the “Dirty” zone aren’t allowed in to the “Clean” zone.  You are not restricted to just two zones, depending on the firewall; you may be able to set up zones to isolate your users from your critical systems, a separate and isolated DMZ, or anything that fits with your network’s needs.
  • Application Filtering – allows you to not only check that certain services are using certain ports, but also to delve into the data that is coming in or going out and make sure that it is what it should be.  So, if someone is sending you an email, your Next Generation Firewall can make sure that the data packet is actually an email and not something trying to break in to your system.  Again, it’s not just emails it can check, but thousands of different types of applications.
  • URL Filtering – allows you to prevent your users going to sites that may contain some virus or Trojan that could infect your business network.  It can also be set to prevent your users going to web sites that your business might consider inappropriate.

Oh, that must be expensive?  I’ll never get the budget

OK, these things are not cheap, and anyone with a business mind knows that you can’t spend more than you can afford.  But you have to ask yourself; how much is the data on your network worth to your business and can you “afford” to lose it?  Imagine that someone breaks in to your network and steals all of your outstanding invoices.  What if that person then sent a message to all of your customers with outstanding bills saying something along the lines of: “We’ve changed our bank account details.  Please make your payments here.“, and “here” is not your bank account…you now have two VERY big problems.

  • Financial: Your customers aren’t going to pay twice.  They have the letter/email, with your company logo, telling them that you’ve changed bank.  They have the bank statement proving that they’ve made the payment.  Why should they pay again?  Would YOU?
  • Reputation: How many of your customers will come back to you to make their next purchase knowing that your network has been compromised?  Would YOU go back to a company you know has been hacked?

Protecting your network isn’t just something that you should do, but more along the lines of, can you afford not to?  Now, we aren’t saying that having a Next Generation Firewall is the complete solution to protect your network; it is just one piece of the armour you need to help protect a modern data driven business.

Some final thoughts

Gone are the days where hackers broke in to systems for fun and giggles.  Hacking has become a multi-billion pound market. Take a look at some of the big names that were hacked in 2016 here.  These companies have millions, if not billions of pounds that they could, and probably have, spent on protecting their networks, yet those baddies still got in.

Also, remember that a hacker may be attacking you, not for your money, but they may be after information about one or more of your customers, and are after their money. In 2016, T-Mobile was hacked for their customer database.  The hacker didn’t actually take money from their bank account, but because of this hack, many of their customers moved to a different supplier.  Imagine the lost revenue that caused them!

Also, imagine how your biggest customer would feel if they were to learn that they were hacked because the bad guys got the information that led them to get in to their network, from somebody hacking your network.  And, what if you were hacked because the network of one of your suppliers wasn’t secure and the hackers gained the information to hack you, through them.

And finally, it is estimated that more than 3 out of 4 companies around the world have been hacked in one way or another, so it’s not a case of “If” you get hacked, but “When“.

The thing you should be asking yourself is “What can I do to limit my exposure from bad guys?”

What Next?

If you are planning to deploy an enterprise-grade wireless network or are experiencing problems with a existing setup, please feel free to contact Ensign Communications for a chat with our technical team.