🛡️The Simple Thing you can do to make your Business more Cyber Secure🔑

Ronald BartelsRonald Bartels
2 min read

There is often mistake I sell a small business make that causes problems. It make them prime targets for lateral movement. In reality, its the same in the larger businesses but that is more question of competence than where in a smaller business its a question of knowledge.

So the simple trick is not to use an unmanaged switch but a managed one with VLANs. The next step is to segment your business functionality into those VLANs. So you need to put your operations, on one, your finance on another and for the love of god, your video surveillance on a separate one. And as a good start don't allow the office PCs and the ones on WiFi to talk to each other. Use something know as client isolation. Surprisingly enough there are many ISPs who don't do it on their own networks, further making their clients more insecure.

Example of switches you can use are those from are typical known as managed switches and have SNMP. Not that cheap stuff off the shelf from a mall computer shop.

I am reminded of Virgin Active being ransomed. They made a simple mistake of overlaying the guest WiFI on the office network and using dated versions of Windows. They were ransomed. 👉 ITWeb write up about the Cyber Attack.

https://www.infosecurity-magazine.com/news/virgin-active-sa-suffers/

https://stuff.co.za/2023/02/06/rsaweb-confirms-cybersecurity-attack/

In reality as with the ransomware attacks against RSAWEB and Virgin Active, it wasn't really a "highly sophisticated attack." It was a plain vanilla attack with a few or no mitigations to prevent it.

No alt text provided for this image

Thus once you have you business setup with VLANs, or if you are a fancy pants you can call it micro-segmentation. This forms the foundation of being able to gateway access from the Internet using appropriate solutions.

Then the most important part of these ramblings and if you remember nothing else is to put the administration interfaces of your servers/services on a separate VLAN. This is often known as a management plane. Make sure you have a method of forcing authentication into the management plane with a well know method being a jump server or alternatively a VPN concentrator.

Ronald Bartels ensures that Internet inhabiting things are connected reliably online at Fusion Broadband South Africa - the leading specialized SD-WAN provider in South Africa. Learn more about the best SD-WAN in the world: 👉 Contact Fusion

https://hubandspoke.amastelek.com/cappuccino-a-day
0
Subscribe to my newsletter

Read articles from Ronald Bartels directly inside your inbox. Subscribe to the newsletter, and don't miss out.

cybersecuritySmall businessvlanssegmentation

Written by

Ronald Bartels
Ronald Bartels

Driving SD-WAN Adoption in South Africa