What follows in this document are best practice methods to maintain network connectivity, to secure your IT system and to protect your data and computer systems from all possible attacks, breakdowns and disasters. It relies upon backups, failover/redundancy systems and disaster recovery planning.

It is the cheapest and most effective insurance you will ever invest in for your business.

I have developed this system from over a decade of providing IT services to small business in many different industries. In most cases it relies upon using the equipment you already own.

The information below is general in nature and only outlines the basic concepts of configuration of a secure system. It is always recommended that you obtain professional advice to assist you with these matters.

Basically it boils down to this:

Run a good Anti Virus software program and set it up to run on a regular schedule.

Store all data in a Cloud service.

Backup data and Operating System constantly to another connected hard drive.

Regularly backup to external drive(s) and remove these drives from site.

In this way you are protected from equipment failure, hackers and catastrophic disaster with a number of backups to cover you from all eventualities and anti virus software to protect you from the latest types of attacks.

 

Chapter 1 – Networks

Your Wired Network

Your wired network encompasses your NBN/Internet connection, your Modem/Router, any other cable connected network devices (switches, range extenders, wireless access points, power line range extenders) and any computers that are connected via a cable.

Security

Change all default Admin passwords on Modem/Routers, Access Points, Switches etc to original, complex passwords.

Change the default IP addressing scheme for your Modem/Router.

Restrict physical access to your Modem/Router eg locked room or locked cabinet

Performance

The performance (speed, throughput) of your wired network is dictated by the slowest rated device on that network. Eg All cables and your computer network card are rated at 1000Mbps however your Modem/Router LAN (Local Area Network) Ports (where you plug the cable in) may only be 100Mbps speed, therefore the maximum speed of your network will only be 100Mbps.

Your Wireless Network

Your wireless network consists of any device that transmits and receives a WiFi signal. Your Modem/Router usually provides wired and wireless access so this is where you will usually manage the security for wireless connection. Seperate Wireless Access Point Devices/Extenders may also require management for security as well.

Security

Run seperate wireless networks for seperate roles. Eg An Admin network for Office and sensitive business purposes, a Guest network for visitors and possibly a Retail network for shop activities. This can often be achieved from the one device – Modem/Router.

Create original, complex passwords for all wireless networks and change them with staff turnover etc.

Performance

The speed of a wireless network is determined in the same way as your wired network, it is dictated by the speed of the slowest device. There are other factors that may effect wireless networks and these include physical placement/distance of wireless devices, the type/frequency of the signal, proximity to other appliances and line of sight between wireless access point and computer/device.

Mobile Broadband

Mobile broadband is a wireless network that connects to a mobile phone tower, like your phone. A direct connection to this type of network will not allow you to connect to other devices in your home or office. However, there are devices that connect to the Mobile Broadband network for internet and then create a Wireless Network that a number of devices can connect to and thereby see other computers/servers to share files and connect to the internet.

This type of internet connection is generally not as reliable as an NBN connection because a Mobile Broadband network connection is shared with everyone else connected to the same phone tower whereas an NBN connection is a direct connection just for your premises.

A Mix of Networks

Most businesses will deploy a mix of wired and wireless networks to communicate internally and both NBN and Mobile Broadband for internet connection.

The server or accounts computer may be employ a wired connection to the NBN, the sales dept laptops may connect via a wireless network, your EFTPOS terminals may connect directly to the Mobile Broadband Network and your mobile phones may connect to both a Mobile Broadband network and your Wireless Network.

Always Connected

Some modem/routers allow a USB Mobile Broadband “dongle” to be connected to them as a “fail over” system so that if your NBN connection goes down then your internet connection will swap over to the Mobile Broadband network to keep the business up and running without any down time.

If your modem/router does not provide this function then just having one of the devices that connect to the Mobile Broadband network for internet that also creates a Wireless Network will allow you to connect any computers/devices that can connect via wifi. Devices/computers with only a wired connection to your router will not enjoy connectivity in this scenario.

If your reliance upon an NBN connection is mission critical for your business you may benefit from installing 2 seperate NBN connections from different internet suppliers to provide failover and load balancing. However this is more for corporate level businesses and is a much more complex system as well as being expensive.

Chapter 2 – Data

Your data (files, folders, documents, spreadsheets, presentations, pictures, emails, video files, sound files etc) is what most businesses should value very highly as I have personal experience with businesses that have lost it all and suffered severe financial hardship as a result.

Fortunately securing this is quite simple and there are many options for doing this, however it must be constantly up to date to be an effective system. 

Generally having a backup just means having at least one other copy of your files. Backups of only your data (as opposed to a backup of your whole computer including Operating System and Programs, which I will cover next) can be done in a number of ways.

A seperate hard drive may be used to backup your data, you may backup your data to the internet (“The Cloud”) or your data may be backed up with your computer operating system. These methods all have different uses and pros and cons.

An external hard drive connected to your computer and used to copy/duplicate your data is a very simple system and will save your data if your computer crashes or dies but is only effective for 1 user. This system will not restore your Operating System or Programs, nor will it save your data from a ransom attack (explained below).

Cloud storage will perform the same function by backing up to the internet in real time and is a very convenient solution that allows multiple Users to access the data simultaneously. It suffers from the same limitations as an external hard drive in that it will not restore your Operating System or Programs, nor will it save your data from a ransom attack.

Chapter 3 – Operating System and Programs

Your Operating System and Programs (and including your data) are best backed up to an external hard drive. This may be achieved by using the Backup system that is built into your Operating System or other professional programs designed to perform this task. This is a system that is automated to run constantly or periodically after close of business (at night) on a daily or weekly schedule.

This system is the best first line of defence against equipment failure but will not save you from a Ransom Attack either.

A Ransom Attack is where a hacker accesses your network (maybe via a default modem/router password) then accesses your computer (that may not have a password at all). Once in your computer they run a program to encrypt all files on all connected hard drives (even your backup drive) and as your Cloud data lives on your computer all your Cloud based files are encrypted as well. Your files are then inaccessible unless you pay the ransom (not cheap) and get the encryption key from the hacker (as if they care once they have your money).

The best plan is to have further backups on external drives that are systematically connected for backup and then disconnected from the system. These are often referred to as “Off Site Backups” whereby 2 drives are used alternatively on alternate days and are taken home (or off site) to also protect from the event of fire or other catastrophic disaster.

Anti virus software will also play a role in securing your data and Operating System and protecting you from breaches of your system from the internet (I’m talking about you Facebook as the delivery mechanism for a lot of modern incursions). Anti virus software should also be kept up to date and set to a schedule for maximum protection.