Before you go and spend a ton of money on some “next-gen” network security solution, make sure you have the fundamentals locked down. Nearly one-third of businesses suffered a data breach in the last year, many of which were caused by common mistakes like:

• Weak passwords.
• Outdated software.
• Poor training.
• Excessive privileges.

If you can avoid these mistakes, you make your organization a much less enticing target for hackers. In this post, we’ll walk through these and other network security fundamentals, and offer tips for making sure your data doesn’t end up on the dark web.

The four most common network security mistakes

1. Weak passwords

Out of convenience, employees will use simple passwords, or use the same password across multiple accounts. Both of these types of weak passwords put your organization at risk.

A determined hacker can bypass a weak password, and if that password works across other accounts for the same user, that hacker is going to be all over your network in a matter of minutes.

Here are some simple steps you can take to decrease the chances that people are using risky passwords:

• Create and enforce strong password policies for your organization.
• Educate employees about the risks of simple passwords and how to create stronger ones. Passwords should be complex enough to combine letters, numbers, and symbols — and they should also be changed regularly.
• Update your business software to set requirements for password difficulty.
• Deploy an enterprise password manager to centralize oversight.
• Use multi-factor authentication (MFA). It requires two or more verification factors to access an account, such as a password and a code sent to the user’s email or phone.

Solving this network security risk is not complicated, but it takes will to drive this policy across the organization. Simply emailing employees a password policy is not enough — someone has to own this responsibility and make sure that it is enforced.

2. Outdated software

Software update notifications can come at inconvenient times, so it’s very common for people to put them off to avoid disrupting their work. Unfortunately, outdated systems invite ransomware attacks — it’s like leaving the door wide open.

The saddest part is that these types of network security breaches are 100-percent preventable. Keep all software up-to-date and patch all known vulnerabilities. If you don’t, a hacker can exploit the weakness to gain access to your network.

To address this problem, remember the following:

3. Poor training

The “human-layer” of network security should not be an afterthought. You can do everything right on the technical side, but if some employee downloads an unsafe attachment, the entire network can still be compromised.

Some of the costliest ransomware crimes in history have been the result of a low-tech phishing email. Hackers are resourceful, they are going to use all the tools at their disposal to get on to a network they can exploit for gain.

What do employees need to know if they are logging into their company accounts in a coffee shop or hotel room? Have they been trained on how to keep themselves and the business safe on public Wi-Fi?

A naive employee can put your business at serious risk by taking an innocent-seeming shortcut, trying to catch up on work from home, or storing a file in the wrong place. It’s essential that they receive some training in digital security fundamentals.

Here’s how to start bringing people up to speed:

• Teach employees how to recognize and avoid common threats like phishing emails, unsecured networks, and social engineering attacks.
• Conduct cybersecurity training for all staff. Remember, this isn’t a one-and-done deal. Regular training keeps the risks top of mind so workers are more likely to adhere to policies.
• Ensure employees know who to contact if they’ve clicked a malicious link or downloaded an unsafe attachment. The sooner your IT team knows about an issue, the better.

SEE: How to Create an Effective Cybersecurity Awareness Program from TechRepublic Premium

4. Excessive privileges

Allowing users to have privileges greater than what their role requires is a disaster waiting to happen.

One, you open the door to an insider network security threat where excessive privileges result in an employee causing a data breach, data corruption, or worse. Whether the employee is malicious, negligent, or idiotic doesn’t really matter. The damage is done.

Two, if a hacker gains control of an over-privileged account, it’s going to be easy for them to move laterally across systems and exfiltrate data — all while bypassing the access control mechanisms you have in place.

When access control rules are too loose, it increases the chances of an accident or attack, and makes the potential severity of either much worse.

To clamp down on excessive privileges and improve network security:

• Use role-based access controls to ensure employees only have the access they need for their jobs.
• Update permissions when employees change roles or leave the company.
• Do periodic audits to ensure that access rights are appropriately managed.

How to secure your network: The basics

Managing your network security is essential for protecting your company’s digital assets. If you are starting from scratch, take these practical steps:

• Set up network firewalls.
• Install antivirus software.
• Implement multi-factor authentication.

Maintaining a strong network security posture is an ongoing battle. These three steps are just the basics. Follow the links for more detailed coverage of each topic.

Set up network firewalls

Think of a network firewall as a security guard for your computer network. It checks all the data coming in and going out, ensuring nothing harmful gets through. Without a firewall, your network is left wide open to all kinds of cyber threats, which can lead to your data being stolen.

Hardware firewalls are physical devices that sit between your network and your connection to the internet; these firewalls are great for protecting an entire network. You can purchase them from computer hardware retailers or online stores like Amazon, Best Buy, or Newegg.

Software firewalls are installed on individual devices. Many operating systems come with built-in software firewalls like Windows Firewall, but you can also buy more advanced ones from software companies or download free versions from providers such as Norton or McAfee.

Both hardware and software firewalls are still in use today, and these two categories can be further broken down into eight types of firewalls that each have a specific purpose. To fully protect your network and ensure that legitimate users won’t get blocked, you will have to create firewall rules.

Install antivirus and anti-malware software

Next, put antivirus and anti-malware software on all workplace devices. This is your main defense against nasty things like viruses and ransomware.

Pick a good antivirus software and make sure it updates on its own to stay ahead of new threats. Also, regularly scan your devices to catch and remove any bad software.

Malwarebytes is a reputable provider of free anti-malware software, and Norton is known for its antivirus software.

Use a Virtual Private Network

If anyone on your team works remotely, having a Virtual Private Network (VPN) is essential for maintaining security and privacy. A VPN creates a secure and encrypted connection over the internet, which is especially important when using public or unsecured Wi-Fi networks.

This encrypted tunnel ensures that the data you send and receive is shielded from prying eyes, making it difficult for cybercriminals to steal it.

To find the best VPN provider for you, keep an eye out for the following key features:

• Strong encryption: Look for a VPN that uses 256-bit encryption, which is the same type used by banks and the U.S. military.
• No-log policy: Choose a VPN provider that prioritizes data privacy by not keeping records of your internet activity.
• Reliable performance: Look for a VPN with high-speed servers and unlimited bandwidth to ensure your internet connection won’t be slowed down.

Use encryption

When your data is encrypted, it’s scrambled into a code that can’t be read by anyone who doesn’t have the key to decode it. It’s important for your business to encrypt sensitive data both in transit (when it’s being shared) and at rest (when it’s being stored).

Here’s how to apply encryption to different types of data.

• Email encryption: Use an email service that offers end-to-end encryption, such as Proton Mail or Zoho Mail. This means only you and the recipient can read what’s in the emails.
• Encrypting files: Use file encryption tools like AxCrypt to encrypt files or folders with sensitive data. If you use cloud storage, your provider likely encrypts your data automatically.
• Encrypting network data: For data shared over your network, use a VPN. As previously mentioned, a VPN encrypts the data as it travels across the internet, keeping it safe from interception.
• Website encryption: Install an SSL certificate on your website. This secures the connection between your site and its visitors and encrypts your website data.

Set up MFA

Multi-factor authentication is like a double-check for security. Along with a password, this form of authentication asks for something else before granting account access, such as a code from an alternative contact method or a fingerprint.

Put MFA in place at your business — especially for getting into your most critical systems — and you’ll cut down the risk of someone sneaking in. Even if someone malicious gains control of an employee device, for example, MFA will prevent them from gaining access to your network.

Ongoing network security best practices

Securing your system is just the first step in protecting your business from cybersecurity threats. You’ll also need to have several ongoing practices to maintain your network’s security.

• Network monitoring: Analyze traffic using network monitoring software on a regular basis to detect unusual activity or potential threats.
• Software and firmware updates: Consistently update all software and firmware to the latest versions to patch vulnerabilities and enhance security features.
• Equipment updates: Regularly review and upgrade network equipment like routers, switches, and firewalls to ensure they meet current security standards.
• Continuous employee training: Provide ongoing cybersecurity training for employees that covers new threats and reinforces best practices.
• Regular security audits: Conduct routine network scans for vulnerabilities and potential malware infections to find and fix security gaps.
• Limited network access: Regularly review user access controls to ensure only authorized personnel have access to sensitive data and systems.

Network security complexities with remote work

Employees that work from home, hotels, and airports drastically increase the potential attack surface for their organization.

It’s important to train employees how to stay secure and provide the technical support to do so. Here are three of the biggest remote work security challenges, and how to respond:

• Unsecured personal devices: Remote employees often use personal devices for work that aren’t as secure as office equipment. To reduce this risk, create BYOD policies that require personal devices to stay updated with antivirus software and security patches.
• Secure data transmission: Home networks are often less secure than office networks, so sending data securely can be a challenge for remote workers. A policy that makes VPNs mandatory for remote workers will keep network data safe and encrypted.
• Physical device security: Devices that are used remotely are more likely to be lost or stolen. It’s important to set up password locks, disk encryption, and remote wipe capabilities on any device that will travel with employees to prevent unauthorized access to network resources.