5 Dos and Don'ts of Network Management
reprinted with permission from the HP Small Business Center

Keeping your business running smoothly means having a network that's stable and secure. But even minor oversights and errors can cause big problems; cybercriminals are becoming more sophisticated, and they're increasingly targeting smaller businesses that aren't as likely to have the security that a large enterprise would have.

Luckily, good security doesn't have to be complicated or expensive. There are a few relatively simple dos and don'ts you can follow to help ensure your security bases are covered. Here are our top five:

1. Don't forget backups and recovery
You know you need to back up your business data, but in the long list of IT priorities, it sometimes ends up lower down the list than it should be. And beyond the physical act of performing backups, your business should have a comprehensive disaster recovery plan. It should include strategies for detecting and diagnosing problems, and the actions needed to repair the problem and get your system up and running as soon as possible, with little or no data loss.

2. Do install security updates and patches
According to a June 2008 survey by IT security firm Sophos, 81% of the corporate network endpoints they tested failed one or more basic security checks, including missing Microsoft® security patches, disabled client firewalls, or missing endpoint security software updates. And the results can be devastating. "Ultimately, machines that fail such a test represent 'low-hanging fruit' for cybercriminals and a real danger to their corporate networks," said Bill Emerick, vice president of product management for Network Access Control at Sophos. So don't delay or skip those updates and patches — they're an integral part of keeping your network secure.

3. Do manage passwords properly
There are a lot of ways in which password management can go awry. Two of the most common are not changing the default passwords on all network servers and other devices, and sharing a password among multiple devices. Do we really even need to explain why these aren't good practices? Probably not, but a surprising number of IT departments don't bother to address these two simple issues, instead of leaving their networks vulnerable to attack and misuse.

4. Do educate your users
While large enterprises almost always have relatively comprehensive IT policies and user education initiatives, this is an area where smaller businesses often don't pay enough attention. Usually, responsibility for maintaining and securing the network falls to just a few people (or maybe even one person) - but network safety should be everybody's responsibility. Anyone who uses the network should be aware of the risks posed by security threats like viruses, spyware, and phishing attacks - and educated on the proper use and management of e-mail and attachments, passwords and downloads.

5. Don't overlook access control
A December 2008 survey by Napera Networks revealed that over 50 percent of the 200 small and medium-sized businesses surveyed had guests accessing their networks every day, with 20 percent allowing non-employees to plug directly into the network without security check or controls. And nearly two-thirds of respondents do not check mobile users or computers for compliance before they connect to the corporate network, potentially bringing unknown threats with them. Network access control is one of the most vital parts of your security strategy; without it, you are exposing your business to threats that could severely jeopardize it.