Securing IT networks

Most small firms are connected to a computer network – even if they do not realise it. If all you have is one computer connected to a broadband router that provides internet access, you are still connected to a network.

Infrastructure that connects computers together is a network. It can be public (e.g. the internet) or private (e.g. cabling within an office), and networks can be wired (Ethernet), wireless (Wi-Fi) or both.

The device that controls the information passing between the computers is called a router. Normally, even if just two computers are connected to the same piece of cable, all messages between them pass via a router.

All networks are potentially vulnerable to intrusion. The 2014 information security breaches survey, commissioned by the Department for Business, Innovation and Skills, reported that a third of small businesses detected a significant attempt to break into their networks in the past year, with 12% reporting that their networks were actually penetrated.

Many attempts pass unnoticed – as do many successful attacks. Research by antivirus software provider Kaspersky Labs suggests that 28% of SMEs (small and medium-sized enterprises) have been victims of an network intrusion.

How IT networks can be protected

The operating systems of most modern computers contain a built-in personal firewall, meant to protect that individual computer from external attack. Many PC security packages replace the operating system firewall with their own, which is intended to be more effective and easier to use.

If you have a computer that did not come with a personal built-in firewall, buy or download one immediately (some of the well-known free products are highly effective).

If you only have one computer connected via a router to the internet, a personal firewall is probably all that you need. However, most SMEs will have many computers on their network and will want to share data between them, while ensuring adequate protection from outside attack. In this case you will need a secure local area network (LAN) and one or more network firewalls separating your LAN from the internet. Find out more about network firewalls and designing secure networks.

Wide area networks

If your business operates from more than one site, you will probably want to share information securely between them. There are two ways you can do this. You can create your own wide area network using private cables or leased circuits, or you can create a virtual private network (VPN) using encryption over a shared bearer (eg the internet). In either case, it will be your network firewalls that control secure communication between different locations.

Wireless networks and remote access

Wireless networks bring additional security problems, because anyone within range of the wireless router can potentially listen in or even join the network.

You may want business partners or employees to be able to access your internal networks remotely, but you will probably wish to limit what information they can access.

If (despite your best efforts) your network is attacked, you need to know about it. You also need to know if your network is successfully resisting attempts.