Office network security is the local area network (LAN) in the workspace or office. Security of this network is a top priority. It doesn’t matter how big your company is or if you’re a startup, you don’t want a malicious actor taking down your network or breaking into your proprietary software.
The first thing that I recommend people do when they’re thinking about network security is starting with an inventory.
Start by asking: are there servers on the network? How many workstations in the office? How many laptops or cell phones connected to the network? Are the IoT devices mandatory? What type of data are these IoT devices transmitting around?
Taking this inventory will give you a good idea of the level of complexity of your office network. Your network security depends on securing or removing all of these devices.
The average, modern, early-stage SaaS company that has around 20 employees can operate with a moderately lighter level of security than a company that employs 500 employees that has multiple servers and IoT devices all over the office space. Those companies that operate on a larger scale likely have a person in charge of security (i.e. Security Officer) within the organization who has a strong understanding of network security.
For the average SaaS company you can operate on the following minimum network security recommendations:
Change the default admin login credentials so that if your network is compromised the hacker can’t make changes to the network. Every time a vulnerability is discovered, there will be a firmware update issued. It’s critical that you install these updates. An easy way to make sure an update isn’t missed would be to turn on the auto-update feature.
This is a type of encryption that secures the vast majority of Wi-Fi networks. The WPA2 should have a strong password.
You want this for individuals who visit the office but are not a part of your company. Most modern routers have a feature to enable a guest network. This is an easy way to boost your network security.
Physical security is a very important consideration. The hardware shouldn’t be out in the open where anybody can access it. You want hardware stored in a controlled room or locked office where a member of the organization can keep an eye on it. An extra precaution would be to monitor the hardware with a security camera.
You likely have basic routers like the kind that the service provider sets up or the cheap ones from the electronics store come with a low-level firewall. However, a business-grade router comes with stronger firewalls. Some even have intrusion detection or intrusion protection systems built into them that make them worth the extra cost. The stronger routers are likely to have better performance on the network because these models have the ability to handle more devices.
There are often USB or Ethernet ports on a router that are not in use. Deactivating these ports will limit the chances that somebody could plug a rouge device into the network. Since these ports are one more entry point to worry about when it comes to LAN security, turn them off if you can.
MAC address filtering is a security measure that only allows devices that the organization is aware of to connect to the network. The filtering can be done collecting the MAC address of every device and then uploading those credentials into a database in the router. It may seem like an extra precaution but it just ensures that if a hacker was able to get the password to the network, they wouldn’t be able to gain access without having one of the identified MAC addresses.
In the end, your data isn’t fully secure unless your network is secure too.