Network security, is something like your own personal health. When you’re in good health, and fighting fit as it were, everything is hunky-dory. But as soon as you begin to feel under the weather, you suddenly realise just how much you took your good health for granted. Well, it’s exactly the same with network security. During the time it functions well, it also gets taken for granted. But as soon as it becomes compromised, we suddenly realise just why, network security is vital.
The Private Network of the Internet
In the broadest sense of the word there are two types of network. On a personal level, you have the internet, whereby any number of individual devices can share one common source of data. In this “personal” sense, network security is all about the security of the individual device (e.g. a PC, a laptop, a tablet). Most of the operating systems today that are preloaded onto the various types of devices all tend to incorporate a firewall.
This keeps them safe from any external prying eyes that are lying in wait out there in cyberspace. In addition you can of course purchase anti-virus, and anti malware programs. These can help to keep your device, and the data it contains, safe from unwanted surveillance, and/or the various viruses that can be unwittingly downloaded.
The Business Network or LAN
Now let’s take a look at business in terms of networking. This is where a whole new ball-game comes into play. It’s the game of business network security
Most Common Types of Business Network Threat
There are basically 3 types of threat a business network may be subjected to:
- Innocent Internal Infiltration
- Malicious Internal Infiltration
- Malicious External Infiltration
The Reasons Why Business Network Security is so Vital
Business network security is vital in order to avoid 2 things:
- The network becoming compromised and preventing people from being able to work efficiently, or even work at all
- The network being compromised, and through that attack, leaking sensitive or confidential data
Whereas neither of these network security threats is desirable, the download threat is something that can be dealt with, and the system restored to good working order. Of course, to be on the safe side, any business should have a business contingency/disaster recovery plan in place, in case of permanent loss of data; or worse, the theft of sensitive customer data.
Innocent Internal Infiltration
So we’ve established that business networks also suffer from the same “download threat” that private personal devices do. Okay, the threat has to get into, and find its way through, the server first. But there are many hackers around, who know how to go about doing just that. We’ll talk more about this in just a moment.
This type of “download threat” comes about through innocent internal infiltration. In other words, an innocent member of staff may browse the web during tea or lunch breaks, and innocently download programs that contain some sort of malware or virus. These “innocents” are totally unaware of the threat and the damage it can do. It is usually left to the IT department to repair the damage they cause.
All businesses should implement some sort of Web Acceptable Use policy, whereby employees are made aware of the dangers, and are instructed not to download anything onto their work devices. IT departments may also decide to block access to certain dubious websites.
This also means that some businesses may also want to discourage the BYO (Bring Your Own) device for work phenomenon. However, personal devices can still be managed on the business network, with the right platform.
Playing Big Brother
The truth of the matter is that many employees will still disregard certain rules and regulations that are put in place. It’s the “I didn’t think it applied to me” syndrome. Where businesses establish that this happens, they may feel it is prudent to introduce special monitoring software to check emails and Internet activity.
The increasing sophistication of phishing email
This is where many companies get caught out as whilst many of us are aware of phishing and how much more sophisticated it has become (along with social engineering that encourages users to follow a link or open an attachment), this is isn’t the case for everyone, especially when you consider that 80,000 people per day get caught out in this way.
Malicious Internal Infiltration
Malicious internal infiltration is a much more serious event. If uncovered it will usually lead to the sacking and possible prosecution of the guilty party. These people are technical cuties who may well have a grudge against their employer, and/or their work-colleagues. It may also be the case that they are working for an outside source, either for pay, or because they’re being coerced in some way.
Sneaking in Under the Covers
The problem is of course that these people are already have legitimate access to the network. So in terms of network security from an external threat, they’ve snuck under the covers and circumnavigated any protection that the IT department may have put in place. It’s a heinous act.
Instigating Diligent Network Security Checks
The only way that this can be detected is either by the IT department running frequent diligent checks into the network’s integrity, or by employing network security specialists (such as the network service provider, if they offer such a service) to do the job for them.
Malicious External Infiltration
Malicious external infiltration can cause just as much damage as malicious internal infiltration. The first line in defence is to have a good firewall in position - perhaps even a new generation firewall. This needs to be backed up with appropriate malware identification software. The problem is that a highly skilled hacker can sometimes circumnavigate the simple network security precautions. Once again, it’s a case of the IT department or running its diligent checks, or contracting the support company to do so, on their behalf.
As already stated, viruses and malware that prevent systems from working, or that throw spanners into the works, can usually be dealt with, once they have been identified. But the real problem comes with loss of its confidential or sensitive data.
Irrecoverable Leakage of Sensitive Data
When it comes to sensitive or confidential data being leaked to, or being stolen by, outside interests, it’s something that can prove fatal in terms of any business’s ability to survive. We’re talking about loss of data that a competitor can use to their own advantages. In other words, we’re talking industrial espionage.
Here’s the Bottom Line
Whether it’s sensitive pricing information, confidential design information, or future strategy information; in the hands of the wrong people this sort of data can cause enormous and perhaps irreparable damage. This is especially the case when companies store customer information as the theft of such could lead to a large fine.
With this in mind, regular audits should be carried out and it’s always wise to be prepared, something that we will go into in some more detail in a later post, so make sure you check back often.
Not sure about your network cabling? Wondering whether to go wired or Wi-Fi? Need a complex fibre network set up throughout a large building? Whatever the case, Quadratek are here to help so why not get in touch today to see how we can help your business.
Image: JHero Brasil