Privacy & Information Security Law Blog

On August 25, 2017, the FTC published the sixth blog post in its “Stick with Security” series. As we previously reported, the FTC will publish an entry every Friday for the next few months focusing on each of the 10 principles outlined in its Start with Security Guide for Businesses. This week’s post, entitled Stick with Security: Segment your network and monitor who’s trying to get in and out, illustrates the benefits of segmenting networks and monitoring the size and frequency of data transfers.

The practical guidance provides useful examples on how to:

• Segment your Network: Companies today can link multiple devices together across a single network. While legitimate business reasons exist for such linkage, businesses should consider whether there is sensitive information on their networks requiring special treatment. Segmenting a network can include having separate areas of the network protected by firewalls which reject unnecessary traffic. This can reduce the impact of a breach, should it occur, by isolating it to a limited part of the system. For example, a company that maintains confidential client information can use a firewall to segment this part of its network from the portion of its network containing corporate website data.
• Monitor Activity on your Network: Businesses should also monitor who is accessing, uploading or downloading information on the network. It is imperative to respond quickly if abnormal activity is detected. Numerous tools are available to warn businesses about attempts to access their networks without authorization, as well as to spot malicious software installs and suspicious data exfiltration.

The guidance concludes by noting the key lesson for businesses is to make things more difficult for hackers and this can be done by segmenting their networks and using readily accessible tools to monitor who is entering their system and what is leaving.

The FTC’s next blog post, to be published on Friday, September 1, will focus on securing remote access to your network.

To read our previous posts documenting the series, see FTC Posts Fifth Blog in its “Stick with Security” Series, FTC Posts Fourth Blog in its “Stick with Security” Series, FTC Posts Third Blog in its “Stick with Security” Series and FTC Posts Second Blog in its “Stick with Security” Series.