Network hardening is the process of securing your network by reducing vulnerabilities through configuration changes and specific steps. It’s an important part of reducing overall cybersecurity risk at your organization. If you harden your nonprofit’s network, you will see an immediate improvement in long-term security.
As you look to improve your nonprofit cybersecurity approach, here are eight steps to take to harden your network.
1. Educate people and update policies.
This isn’t a technology-focused step, but it’s the starting point for any organization seeking to improve security. Hardening your network without educating users is like installing an unpickable lock at your home but failing to have your family lock the doors when they leave.
Users must be trained in how to use devices on the network, and policies must be up-to-date and enforced to ensure follow-through.
2. Implement a firewall.
If you’ve committed to training users and maintaining updated policies, one of the first and most common steps in network hardening is to implement a firewall.
At a basic level, firewalls simply prohibit unauthorized access to a network. The metaphor of a post office is often used to describe their function; these tools look at the address of letters (data packets) and send them back if the address seems suspicious. More advanced firewalls can also “look inside the envelope” – that is, flag packets for potential malicious content.
3. Monitor network traffic.
With your firewall set up, you should seek to monitor traffic on your network. This can be done manually (by reviewing logs), but it’s best to implement 24/7 monitoring solutions.
Network monitoring is important for two reasons. First, it will help you to establish baseline levels of traffic and normal patterns of behavior. These will give you standards to measure against as you protect against cybersecurity threats.
Second, network monitoring will allow you to be alerted to malicious activity in real time. When traffic or behavior on the network falls outside of standard baselines, admins can be notified, and preventative actions can be taken quickly.
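The baseline-then-alert idea described above can be sketched as follows. This is an added example, not code from Community IT or from any monitoring product; the host names, the traffic figures (outbound MB per hour) and the alert threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample history: (hour_of_day, outbound_MB) taken from past days.
HISTORY = [(9, 520), (9, 480), (9, 510), (9, 495), (9, 530),
           (2, 12), (2, 9), (2, 15), (2, 11), (2, 10)]

# Constructed observations for today: (host, hour_of_day, outbound_MB).
OBSERVED = [("ws-014", 9, 540), ("fs-01", 2, 900),
            ("ws-022", 2, 14), ("ws-007", 4, 3)]

def build_baseline(history):
    """Return {hour: (median, MAD)} so each hour has its own 'normal'."""
    by_hour = defaultdict(list)
    for hour, mb in history:
        by_hour[hour].append(mb)
    baseline = {}
    for hour, values in by_hour.items():
        med = median(values)
        # Median absolute deviation: a spread measure that one past
        # spike cannot inflate the way a standard deviation can.
        mad = median([abs(v - med) for v in values])
        baseline[hour] = (med, mad)
    return baseline

def find_anomalies(baseline, observed, threshold=6.0, min_mad=1.0):
    """Return (host, hour, mb, reason) for traffic outside the baseline."""
    alerts = []
    for host, hour, mb in observed:
        if hour not in baseline:
            # Activity in an hour never seen before is itself a deviation.
            alerts.append((host, hour, mb, "no baseline for this hour"))
            continue
        med, mad = baseline[hour]
        # 1.4826 scales MAD to be comparable with a standard deviation;
        # min_mad avoids dividing by zero when history is perfectly flat.
        score = abs(mb - med) / (1.4826 * max(mad, min_mad))
        if score > threshold:
            alerts.append((host, hour, mb, f"robust z-score {score:.1f}"))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(build_baseline(HISTORY), OBSERVED):
        print(alert)
```

Here 540 MB at 9:00 passes as normal working-hours traffic, while 900 MB at 2:00 is flagged because the baseline is kept per hour of day rather than as one network-wide average.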
4. Maintain systems with up-to-date patching.
Technology patching essentially means ensuring that platforms are up-to-date and active. Patches are most often delivered from a cloud platform.
Our best practice is to patch workstations weekly and servers monthly. Most attacks are perpetrated by exploiting vulnerabilities in the operating system and third-party applications such as Java, Flash, and Acrobat, so nonprofits should proactively minimize these risks.
5. Don’t use default device settings.
One of the simplest steps to hardening a network is to ensure that network devices don’t use default settings. Default settings often make devices publicly available; leaving them unchanged can make your systems easier to breach. Your nonprofit should take a hard approach and systematically validate that every system has had its default passwords changed and security settings configured.
This applies to everything on the network – routers, firewalls, access points, switches, and so on.
6. Implement anti-virus and anti-malware systems.
Contemporary research shows that anti-virus (and anti-malware) is stopping only about 40-50% of malicious software. We do expect to see improvements in anti-virus effectiveness over time, and still view the software as a key component of an effective security strategy. It’s important to note, though, that in order to be effective, any anti-virus solution needs to be managed and maintained on a regular basis.
7. Use advanced endpoint protection.
While standard anti-virus and anti-malware systems still have value, advanced endpoint protection is becoming more effective. New software solutions have been developed that seek to identify malicious attacks based on patterns of behavior, rather than signature strings of code. If anti-malware looks for footprints to identify malicious activity, indicators-of-attack (IOA) software looks at the stride of the walker, and where they are headed.
Leading vendors such as CrowdStrike, Carbon Black and Cylance currently have software that can be used to provide more advanced protection, particularly against Advanced Persistent Threats (APTs).
8. Use out-of-band remote access controls.
Finally, this tip is more relevant than ever as nonprofits have shifted to remote work contexts: when admins require entry points to the network, they should use out-of-band methods to allow access.
Essentially, this means that admins should use management interfaces instead of in-band methods like VNC or SSH. Doing so is more secure (it doesn’t require opening up firewalls) and makes it possible to manage devices by remote control regardless of whether machines are powered on or have functioning operating systems – something that’s especially useful in the event of an attack.
Take the Next Step to Reduce the Risk of a Cyberattack
Each of the network hardening actions we’ve discussed can help you to reduce cyber risk. If you have questions about implementing these tactics – or concerns about how to harden your nonprofit’s network – we can help.
At Community IT, we’ve found that many nonprofit organizations deal with more cybersecurity risks than they should have to after settling for low-cost IT support options they believe will provide them with the right value. The problem is that these options don’t understand or address important vulnerabilities.
As a result, cyber damages are all too common.
Our process is different. Our techs are nonprofit cybersecurity experts. We constantly research and evaluate new technology solutions to ensure that you get cutting-edge solutions that are tailored to keep your organization secure. And we ensure you get the highest value possible by bringing 25 years of expertise in exclusively serving nonprofits to bear in your environment.
Are you ready to increase your cybersecurity and harden your nonprofit’s network for better support? Get in touch with us today.