8 Best Practices for Branch Network Management
This year, network security is a top concern for multi-location businesses with point-of-sale (POS) environments. Network resilience and reliability are also top of mind to avoid losing revenue, reputation and customers. Yet, without a properly secured and segmented branch network, business continuity is already compromised. The two go hand-in-hand.
Netsurion has compiled a list of branch network management tips for multi-location businesses.
- Separate your guest Wi-Fi from your business LAN. Guest traffic should always be segmented from your business network. Using a unique subnet with a family-friendly DNS can also help prevent malware from infecting your guest LAN.
- Review QoS requirements. New applications, added employees, expanded locations and even a shift toward application policy enforcement can make QoS reviews an important part of your annual checkups.
- Use a specific subnet for POS terminals. Segmentation of POS traffic is required for compliance with the Payment Card Industry Data Security Standard (PCI DSS). With a distinct subnet on a specific port, an edge device can then steer traffic to either the WAN or to an LTE interface (and/or failover between the two). Additionally, with a segmented POS, traffic profiles can be used to identify the URL and IP addresses of the payment processor, and then any additional traffic can be dropped.
- Use non-standard subnets when possible. Many ISPs use a default gateway of 192.168.1.254 or 192.168.1.1, or something else in the 192.168.1.0/24 range. The default management-interface address for most consumer-grade devices is usually in that range as well. Choose a higher range in the 192.168.0.0 subnet or use 10.10.0.0 or the 172.16.20.0-172.32.00 range. Each branch location should have a unique addressing scheme that fits its particular IT network. Having separate subnets can help with security and LAN segmentation, and is definitely recommended for a secure LAN environment.
- Align your budget to your goals and risks. What about connectivity failover? Does your local ISP have latency issues? Packet loss rates going up? Maybe it’s time to improve resiliency by adding more LTE failover bandwidth into this year’s budget.
- Review logins and employee turnover. Miscommunication between Human Resources (HR) and the IT department regarding departing employees can create a security gap, especially for employees with administrative access. Watch for login credential threats and maintain a least privilege policy.
- Perform an annual security review, and update the company’s security policies. Educate all employees about the dangers of phishing scams and clicking on unknown links, and build a general awareness of the cybersecurity issues surrounding all of us on a daily basis.
- Don’t trust the local broadband provider. Doing so can cause frequent packet drops as well as increased potential for blackouts. A cellular failover plan provides peace of mind and is recommended for businesses that transact with payment cards. Netsurion enables other MSSPs to offer SD-WAN with integrated Wi-Fi and cellular failover. Pooling of cellular data access across the whole network helps reduce costs. Furthermore, the revenue that is not lost during the average 0.1% downtime of broadband may pay for the failover service and the managed firewall service, proving a great return on investment (ROI).
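One way to check a multi-branch addressing plan against the subnet tips above (separate guest, POS and business subnets, staying out of 192.168.1.0/24, unique addressing per branch), as an added Python example that is not Netsurion's code. The branch names, segment names and sample plan are constructed for illustration, and only the RFC 1918 blocks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) are treated as private.

```python
import ipaddress
from itertools import combinations

# RFC 1918 private blocks; 172.16.0.0/12 ends at 172.31.255.255.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Range the article says ISP gateways and consumer devices default to.
COMMON_DEFAULT = ipaddress.IPv4Network("192.168.1.0/24")
# Assumption: every branch needs these three segments (names are hypothetical).
REQUIRED_SEGMENTS = {"business", "guest", "pos"}

# Constructed sample plan: {branch: {segment: CIDR}}.
SAMPLE_PLAN = {
    "store-001": {"business": "10.10.1.0/24", "guest": "10.10.2.0/24",
                  "pos": "10.10.3.0/24"},
    "store-002": {"business": "192.168.1.0/24", "guest": "172.32.0.0/24",
                  "pos": "10.10.3.0/24"},
    "store-003": {"business": "10.10.9.0/24", "guest": "10.10.9.128/25"},
}

def audit_plan(plan):
    """Return a list of findings for a {branch: {segment: CIDR}} plan."""
    findings, nets = [], []
    for branch, segments in plan.items():
        for seg in sorted(REQUIRED_SEGMENTS - segments.keys()):
            findings.append(f"{branch}: no dedicated {seg} subnet")
        for seg, cidr in segments.items():
            try:
                net = ipaddress.IPv4Network(cidr, strict=True)
            except ValueError:
                findings.append(f"{branch}/{seg}: invalid CIDR {cidr}")
                continue
            if not any(net.subnet_of(block) for block in RFC1918):
                findings.append(f"{branch}/{seg}: {net} is not RFC 1918 space")
            if net.overlaps(COMMON_DEFAULT):
                findings.append(f"{branch}/{seg}: {net} overlaps {COMMON_DEFAULT}")
            nets.append((f"{branch}/{seg}", net))
    # Any overlap, within a branch or across branches, defeats segmentation
    # and the per-branch unique addressing scheme.
    for (a, net_a), (b, net_b) in combinations(nets, 2):
        if net_a.overlaps(net_b):
            findings.append(f"{a} overlaps {b} ({net_a} vs {net_b})")
    return findings

if __name__ == "__main__":
    for finding in audit_plan(SAMPLE_PLAN):
        print(finding)
```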
May enhanced network security and uptime serve as an enabler of business growth and customer engagement. Happy 2020!
This guest blog is part of a Channel Futures sponsorship.