Cybersecurity Essentials for Small Businesses

Lesson 08 of 12

Securing Your Network Like a Pro (Episode 8)

From How Secure Is Your Business - Really?

Overview

This episode breaks down practical network security strategies for small and mid-sized businesses. Learn the fundamentals of segmentation, perimeter defense, secure remote access, and monitoring—without getting lost in technical jargon.

Transcript


Why Network Architecture Matters

Noel G Alexander: Hi, and welcome to another episode of How Secure is Your Business - Really? I'm your host, Noel Alexander. Let's get started. Picture this: if your IT setup was a city, the network would be, well, the roads—the highways, those sneaky little side streets, and all the tunnels too. People and goods zipping everywhere, no real boundaries. Now, imagine if that whole city had zero checkpoints. No doors, no security, nada. That’s kind of what a flat network is—it’s like a giant building with no walls at all. Once someone’s in, they can roam wherever they please, and that’s just a disaster waiting to happen.

Noel G Alexander: This is why network segmentation is so valuable. Think about VLANs for a minute—virtual LANs. You can separate traffic, say, between your HR folks and your finance team, so if someone makes it in through, I don’t know, a phishing email in HR, they can’t just cruise over into finance and start poking at payroll systems. You’re basically building little walls inside that big flat building.

Noel G Alexander: And then you’ve got things like DMZs. No, not the kind from the news—the tech version. These are zones where you stick all your public-facing stuff, like your web servers or email, and make sure it’s isolated from your core business systems. Even if someone cracks your public website, they’re hitting a barrier before they get near the crown jewels.

Noel G Alexander: Now, a lot of folks have heard about ‘Zero Trust.’ I know, it sounds a little gloomy, but it just means you’re not assuming anyone—or any device—is trustworthy by default. You’re always checking, always verifying. Because, let’s face it, attackers are just getting too clever.

Noel G Alexander: Let me give you a quick story. I worked with this local nonprofit a couple years back—a really great organization. They were running HR and finance on the same flat network as their public Wi-Fi and, well, some old web server they forgot about. One tiny slip on that server, and an attacker could bounce into payroll. We split their network, gave finance and HR their own secure space, and suddenly, even if there’s a breach somewhere minor, the really important data is walled off. Their attack surface shrank overnight. (And it didn’t cost a fortune either—just some planning and a little patience.)

Noel G Alexander: If you’re thinking, “I wouldn’t even know where to start,” that’s normal. The trick is: start small. Pick the most sensitive stuff—finance, HR, health records if you’ve got them. Get those behind solid walls first. Over time, you can expand, especially once you understand how your traffic flows. Use visualization tools if you can get them. I always recommend that.

Building a Strong Perimeter and Safe Remote Access

Noel G Alexander: So, if segmentation is your internal walls, perimeter defense is your front gate—the moat. It’s not perfect, but it does filter out a lot of noise. Firewalls are the old standard here, setting rules about what comes in and what goes out. No more “allow all” policies, please—those are basically like leaving your house keys under the mat.

Noel G Alexander: What’s changed lately is that next-gen firewalls and intrusion prevention systems are actually pretty smart. I saw this firsthand with a law firm I helped—they were getting hammered by attacks they never even noticed. They put in this next-gen firewall that combined classic rules with some application control and up-to-date threat intelligence. Within a few weeks, it blocked dozens of attempts to hit vulnerable servers they didn’t even know were at risk. The key wasn’t just the tech, though—it was in reviewing their firewall policies regularly, fine-tuning, and making sure they shut down those accidental open doors.

Noel G Alexander: But let’s talk remote access for a sec. The pandemic changed the game here—suddenly, remote work was everywhere, and the old “everyone’s inside, so we’re safe” logic didn’t fly. VPNs—virtual private networks—became the quick fix, encrypting traffic from remote workers back to headquarters. But, uh, if you’re just using VPN with a single password, that’s not enough anymore.

Noel G Alexander: I remember during those first wild weeks of COVID, some clients were letting people connect through remote desktop ports right out on the open internet. That’s, um, a recipe for trouble. We switched them to VPNs with multi-factor authentication—MFA—and almost overnight, their client data was safer. MFA is, frankly, one of the fastest, cheapest level-ups you can do for remote access. And if you’re more advanced, look at application-level access instead of giving someone the whole network—keeps things tighter and simpler.

Noel G Alexander: Don’t forget SD-WAN, either; if you’ve got multiple sites, it can help keep your connections secure and performance snappy.

Monitoring, Logging, and Getting Ahead of Threats

Noel G Alexander: Here’s the thing—what you can’t see, you can’t secure. Doesn’t matter how high your walls are or how strong your front gate is if you’re not watching who’s coming and going. That’s where monitoring and logging step in. Capturing your network traffic, putting all those logs in one place, that’s your radar. It lets you spot trouble—a sudden spike in outbound data at 2 AM, weird failed logins, whatever feels off.

Noel G Alexander: I’ll share another case: a retailer with point-of-sale systems noticed a strange spike in traffic late at night. Turned out, data was being shipped off to some overseas server. Because they had monitoring and centralized logging in place—they were using a basic SIEM—they caught it before regulators came asking. That’s not luck; that’s visibility.

Noel G Alexander: I get it, though: lots of SMBs are overwhelmed by all the alerts and log files. You don’t need to become a log-sifting robot overnight. Start simple—set up alerts for the obvious stuff, like failed login spikes, or new devices popping onto your network. You can always get fancier later. But honestly, just knowing what’s “normal” for your environment goes a long way. When something’s off, you’ll see it.

Noel G Alexander: And don’t just stash logs on a dusty old server. Rotate ’em, keep them secure, and retain them long enough that, if something funny happens, you’ve got the evidence to investigate. Oh, and analyze them occasionally, don’t just collect for the sake of collecting.

Noel G Alexander: So, quick recap: segment your network, make sure your perimeter is actually a barrier, secure your remote access—especially with MFA—and keep your eyes open with monitoring and logs. You don’t have to do it all at once, but the more proactive you are, the better off you’ll be. As always, if you’re not sure where to start or you feel overwhelmed, my book A Simple Guide to Cybersecurity for Small and Medium-sized Businesses can help. It's available on Amazon, or if you would like a complimentary copy, send an email request with your name, phone number, and company name to noelga@vastmanagementcorp.com. Stay tuned. During our next episode, we’ll discuss physical security, an important topic that is often overlooked. See you then.