Network Security Tips & Guidelines

Travelers umbrella logo.
By Travelers Risk Control
3 minutes
Secure padlock against a computer chip background.

Each year, attacks on cyber networks have resulted in the loss of important data costing businesses millions.¹ The 2017 Travelers Risk Index shows that many companies surveyed worry about technology and cyber risks. Aggressive and comprehensive protection strategies may help you avoid external attacks and maintain the safety of your network.

Creating layers of protection or a "defense-in-depth"² approach can help provide a sound strategy for network security. This approach uses multiple devices, products and procedures rather than relying on a single method to enforce security.

10 Steps to a More Secure Network:

  1. Set Clear Administrator Privileges
    An important first step in providing security for your network is to establish and enforce administrator privileges, managing who has authorization to install software and change system configuration settings.
  2. Secure Your Private Network
    Many intranet or private networks consist of multiple local area networks (LANs) designed to connect your computers to resources, such as printers, servers and other applications. Trace department business functions from users computers back to the physical servers that house their data. Your network design should allow users to have access to the information they need to do their job, without allowing them to access other non-job-related information.
  3. Secure Endpoints by Configuring Demilitarized Zone (DMZ) 
    In network security, endpoint security refers to protection of the private network where it intersects with public network. The common devices used at these endpoints to connect to the public network include mail servers to send and receive emails, web servers to host websites, and proxy servers to handle requests from clients seeking resources. 

    A common security configuration to protect these endpoints is a Demilitarized Zone (DMZ). A DMZ is a computer network with firewalls and other prevention systems inserted as a "neutral zone" between a company's private network and the outside public network. All incoming and outgoing communications pass through the firewall and intrusion detection and prevention systems prior to entering the private network.
  4. Monitor the Network
    You and your cyber security providers should implement network logging and monitoring strategies. These allow companies to monitor unauthorized data transfers and unauthorized attempts to access your private network. Detection systems should provide responsible parties with appropriate alerts and scheduled reports.
  5. Maintain Firewalls
    Firewalls are a fundamental network security solution. They are used to permit only appropriate traffic to enter and leave the private computer network. In addition to using firewalls to protect your private network from the Internet, firewalls installed within your private network can be used to segment the network into unique security domains supporting enhanced layers of defense.
  6. Establish Intrusion Detection and Prevention Systems
    Intrusion detection systems (IDS) and intrusion prevention systems (IPS) can work together with firewalls to analyze traffic to determine if it is legitimate. An IDS product will provide alerts on invalid traffic, while an IPS will block the traffic.
  7. Protect Remote Access
    If your employees are allowed access to your private network from remote networks, this access should only be through a firewall that protects your private network. Another option is to utilize a Virtual Private Network (VPN) that uses encryption and multi-factor authentication to provide greater security.
  8. Isolate Guest Wireless Local Area Network (WLAN)
    If your company operates a wireless local area network (WLAN) for the use of customers, guests and visitors, it is important that it is kept separate from the main company network.
  9. Use Encryption Programs 
    When used properly, encryption technologies can virtually prevent files, directories, or disks from falling into unauthorized hands.
  10. Define and Practice Continuity Plans/Disaster Recovery 
    Once you have completed mapping and securing your network, assess any critical equipment or systems and evaluate the potential business impact if they should fail or are breached.

Companies should prepare for the unexpected by establishing a comprehensive Business Continuity and Disaster Recovery Plan. Click here to visit our Business Continuity Planning materials.

Young businesswoman sitting on a park bench, logging in to laptop while holding smartphone with a security key lock icon on the screen.

Top Stories

How Multifactor Authentication Can Help Protect Against Cyber Threats

Multifactor authentication (MFA) can help stop cyberattacks by requiring a second form of verification that can block most account-compromising attacks.

Related Products & Services

We understand the complexity of cyber threats and have cyber liability insurance solutions to help protect your business assets.

More Prepare & Prevent

Cyber Risks and Your Business

Take a look inside how a data breach can affect a business and what a business can do to help protect against cyber risks in this video.

Cyber risks and your business.

More Prepare & Prevent

11 Steps to Help Protect Your Business from Cyber Extortion

Extortion as a result of a cyberattack is becoming more and more common for all business types and sizes. Businesses can take these 11 steps to help protect against cyber extortion.

System protected from cyber extortion.

More Prepare & Prevent

What Is a Data Breach Coach and How Do I Get One?

As data breaches become increasingly complex, a new role has emerged to help organizations navigate their response and recovery.

Data breach coach on the phone.