If you have workers needing to access data, or resources, such as shared files or even a printer, from another location, you may be well-served by deploying a secure, modern VPN.
Accessing data from any location, securely, is essential in a modern workforce.
A typical VPN deployment looks like a firewall, such as a Sophos XG series device, deployed on your network as the "edge" equipment. This device not only provides basic internet access to your users on the inside of your network; enabling the VPN service also permits users on the outside of your network to access resources such as files, applications and printers on the inside of your network. In our security and hosting work, we are increasingly seeing a trend towards "locking down" access to various third-party services to a limited IP address. For example, let's say you use a third-party hosted service to access your accounting system. You may choose to constrain access to that platform to only the "work network". But what happens if you're working from home due to COVID, or even something as pedestrian as a "snow day"? No worries: simply connect into your office via VPN and then access the third-party service. To the third party, it will look as though you are on your work network.
Virtual Private Network (VPN) access is typically a service provided by your edge networking equipment, though sometimes a VPN may be set up in conjunction with a network server. The manner in which you deploy a VPN impacts the investment required.
If you use the Internet, you need a firewall. If you have more than a single device on your network, you need a firewall capable of advanced features.
Historically, an organization could deploy a basic appliance known as a "firewall" to secure a network. The primary capability of the firewall was to provide basic Network Address Translation (NAT). NAT means that the network address (IP address) of your local computer is different from the "public address" seen on the outside of your firewall. While this provides an essential and necessary component of network security, it is, in and of itself, insufficient.
A typical firewall project begins with a pre-installation audit to understand all of the services and user communities operating "behind" the firewall. An analysis of the network traffic needing to pass in and out of the network is conducted, and appropriate hardware and software subscription services are selected. The device and services are pre-configured by navitend at our Northern New Jersey offices, and then the equipment is delivered and/or transported to the respective site(s) for installation. If possible, a plan is put in place to keep internet traffic flowing on a back-up service to minimize impact to users. The new equipment is installed and exhaustively tested. The old equipment is secured and retained for a brief period in the event we need to "switch back" for any unforeseen contingencies. The navitend on-call technical team is made aware of the project to anticipate any "after-hours" calls which may arise from the effort. Similarly, over the next few business days, the network support team is on the look-out for any lingering connectivity issues that may arise from the change. Once all services are confirmed operational, the old equipment is responsibly and securely recycled.
Firewalls are typically purchased one time, along with a project to schedule the installation of the network. The cost of the firewall and the related installation are commensurate with the complexities of your network and user communities. For example, an assisted living center operating 24/7 with multiple business units and buildings has more complexity than a small office with three employees working 8-5 Monday through Friday. Beyond the purchase and installation fees, modern firewall solutions come with accompanying maintenance and data subscriptions which are vital to their effective deployment.
If you have employees and have more than a single password in your business, you need a strategy, and possibly a "solution", for securely managing passwords.
Keeping information and processes secure generally falls to humans securing, and remembering, one or more passwords. An effective password management system is increasingly essential in the modern workplace.
When engaging with navitend's password management platform, there is a one-time onboarding process where a team member will either work with each user, or perhaps engage in a "train the trainer" session, to ensure that everyone in your organization can effectively get their passwords loaded into the platform. From that point on, you can securely access your passwords by remembering only a single, secure password which only you know. From there, the rest is as simple as copy-and-paste to log in to your applications.
Password management solutions are typically offered as a subscription service with either per user or site-license offerings.
If your organization could go out of business or lose substantial amounts of opportunity and/or hard cash costs if your data was unavailable for even a short period of time, you need a BDR solution.
Your business relies on data. If your data is unavailable, your business will either slow to a crawl, or possibly have an existential crisis.
A service business with a line-of-business application with an SQL database, a file server and a Remote Desktop Server needs to ensure uptime for their onsite and remote workforce. A DATTO BDR appliance provides local file protection, protection against ransomware, protection against a server hardware failure and more. navitend team members connect to the server each business day to make sure the device is operating properly to back up our client's data.
A BDR device is typically installed with a one-time fee ranging from around 1,000 to many thousands of dollars, depending on the capacity of the device. The larger the device, the higher the investment. Additionally, there is a monthly fee for securely storing your data in a remote data center. Again, the larger the amount of data, the higher the cost. Smaller businesses can often get the benefits of this solution for as low as $125 per month, but larger businesses can expect to invest many hundreds of dollars.
If you have computers on your network, they need to be protected. This is a must-have element of your network's security.
The most likely place for vulnerabilities to enter a network is via a user working on a workstation or laptop computer. Providing security on every device helps mitigate attacks against your business.
Users have access to sensitive information -- financial data, tax returns, client information. The majority of this information is confidential and vital to not only the health of your business, but may also represent a legal risk if it leaks from your network.
If you are running a business with multiple computers and you either have an internal computer support team or perhaps you outsource your network support to a Managed Service Provider such as navitend, you will want to license your software through your IT support team.
Your team will have a centrally managed capability to monitor your software and keep an eye on emerging threats.
Over time your network will change. You will add machines and you will remove machines as your business changes. Licensing end point security on a monthly basis with a professional platform from navitend allows you to keep the most up to date and effective end point security with anti virus and active, behavior-based security on your computers. Modern end point security even works while you are off of your corporate network - something which is essential in today's climate of a distributed workforce.
End point protection is most often licensed on a per device, per month basis. If you are a very small business, you may consider purchasing a retail copy of anti-virus, or you may have even received a copy of this kind of software when you purchased your computer. Popular end point security includes Norton AntiVirus, McAfee, Trend Micro and even Microsoft BitDefender.
For true business networks, navitend recommends a managed solution such as Sophos.
All managed workstations and servers have malicious website filtering installed when the devices are on-boarded to navitend's management platform.
It is increasingly common for our clients to request additional web filtering for their networks.
End point protection is a vital layer of your security plan; however, a key aspect of protecting your network happens from the inside out. Protect your users from intentionally or unintentionally accessing sites which are known to contain malware or other content that is undesirable and/or unproductive for your business. There are times when an organization desires to block content which is perhaps "acceptable", but whose consumption is not appropriate at work. For example, not every organization wants users to be able to access Facebook or other social media platforms.
There are two layers to this protection.
The first, fundamental type of DNS protection is what we would consider a must-have capability, namely the filtering of known bad actor sites on the internet. As a precaution, new sites which have been on the internet less than two weeks are also filtered on the premise that a site that pops up temporarily is likely not something you or your users should be visiting.
The second tier of protection is more of a policy question -- are there sites, or genres, that are inappropriate for your users to visit? For example, is it appropriate for your users to visit sites with content discussing alcohol, weapons, or any number of adult-themed topics? The appropriate answer, of course, is that it depends on your business and perhaps on a subset of people in your organization. For example, you may not want your customer support team browsing Instagram in the afternoon, but it is likely a necessity for your marketing team to be able to engage on Instagram's website.
It is common to set up multiple user "groups" within a client's user base and assign specific constraints or access to the groups.
navitend includes malicious site filtering with our standard managed IT services offering, which we call Proventiv. Adding the optional web filtering based on genre or specific sites requires a one-time setup plus a monthly per-user fee. The biggest cost in most organizations is labor -- when considering the time lost to non-business-related internet browsing, a small investment can yield significant financial returns.
navitend can help you. Call 973.448.0070 or set up an appointment today.