Office network security is the local area network in the workspace or office so the security of this network is a top priority. The first thing that I recommend people do when they're thinking about what their approach is going to be to their network security is to really start with an inventory.
Start by asking: are there servers on the network? How many workstations in the office? How many laptops or cell phones connected to the network? Are the IOT devices mandatory? What type of data is being transmitted around on these IOT devices?
Taking this inventory will give a good idea of the level of complexity of the network.
The average, modern, early-stage SaaS company that has around 20 employees can operate with a moderately lighter level of security than a company that employs 500 employees that has multiple servers and IOT devices all over the office space. Those companies that do operate on a larger scale likely have a person in charge of security (i.e. Security Officer) within the organization who has a strong understanding of network security.
But for the average early-stage SaaS company you can operate on the following minimum network security recommendations:
- Have a support router with an activated firewall - change the default admin login credentials so that if the network is compromised the hacker can’t make changes to the network. Every time a vulnerability is discovered, there will be a firmware update issued. It’s critical that these updates are installed. An easy way to make sure an update isn’t missed would be to turn on the auto-update feature.
- Have a WPA2 encryption - this is a type of encryption used to secure the vast majority of Wi-Fi networks. The WPA2 should have a strong password.
- Create a “Guest Network” for individuals who visit the office but are not a part of the organization. Most modern routers have a feature to enable a guest network.
- The physical security of the network hardware is a very important consideration. The hardware shouldn’t be out in the open where anybody can access it; it should be stored in a controlled room or locked office where a member of the organization can keep an eye on it. An extra precaution would be to monitor the hardware with a security camera.
- Acquire higher quality routers - basic routers like the kind that the service provider sets up or the cheap ones from the electronics store come with a low-level firewall. However, a business-grade router come with a stronger firewalls. Some even have intrusion detection or intrusion protection systems built into them that make them worth the extra cost. The stronger routers are likely to have better performance on the network because these models have the ability to handle more devices.
- Deactivate the “use ports” on the router - there are often USB or Ethernet ports on a router that are not in use. Deactivating these ports will limit the chances that somebody could plug a rouge device into the network.
- Add MAC address filtering - MAC address filtering is a security measure that only allows devices that the organization is aware of to connect to the network. The filtering can be done collecting the MAC address of every device and then uploading those credentials into a database in the router. It may seem like an extra precaution but it just ensure that if a hacker was able to get the password to the network, they wouldn’t be able to gain access without having one of the identified MAC addresses.