Social Distancing For Computers


Like humans, computers can catch viruses. However, while it might take months or years for a network of humans to completely spread a virus, a network of computers can be infected within minutes.

The average small business has a computer network in which every device can speak to every other device. Workstations can connect to networked security cameras, security cameras can connect to servers, servers can connect to printers, printers can connect to Point-of-Sale machines, and so on. From an information security point of view, this type of network is the equivalent of a large group of people all milling around a single room, breathing the same air and shaking hands with one another. A virus which infected one host could very easily (and very quickly) pass to each other host in the system.

The other extreme is an office filled with people individually sealed in their own rooms, or a computer network in which no device can speak to anything else. This is unsustainable, as sooner or later some parts of the system will need to connect with each other for the business to function. The network will be very secure against viruses but at the cost of everything else.

A happy medium is what the IT security industry calls “the principle of least privilege”. A network can be designed around the idea that each entity should have the minimum amount of access required for the business to function, but no more. By limiting communication between unrelated hosts, the spread of a virus is limited but business functions are not disturbed.

There are various ways to segment a network, and the aim of them all is to keep an infection in one “zone” from spreading throughout the rest of the business. If a weakness in the software of the security cameras is discovered and a virus infects one, that virus cannot access data on the office’s shared drive. If an employee clicks a malicious link in a phishing email, their workstation cannot spread the infection to the Point-of-Sale machines.
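The difference between the flat network and a segmented one can be modelled as a default-deny list of allowed flows between zones. The following is an added example, not part of the original article; the zone names come from the devices mentioned above, and the specific allow rules are assumptions constructed for illustration.

```python
from collections import deque

# Zones named after the devices the article mentions. The rule sets are a
# constructed illustration, not a recommended policy for any real network.
ZONES = ["workstations", "cameras", "servers", "printers", "pos"]

# Flat network: every zone may open connections to every other zone.
FLAT = {(src, dst) for src in ZONES for dst in ZONES if src != dst}

# Segmented network: default deny, with only the flows the business needs.
SEGMENTED = {
    ("workstations", "servers"),   # staff use the shared drive
    ("workstations", "printers"),  # staff print documents
    ("pos", "servers"),            # tills upload sales data
}

def blast_radius(allowed, start):
    """Return every zone an infection starting in `start` could reach,
    following allowed flows hop by hop (breadth-first search)."""
    reached, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for rule_src, dst in allowed:
            if rule_src == src and dst not in reached:
                reached.add(dst)
                queue.append(dst)
    return reached - {start}

def report(allowed):
    """Map each zone to the sorted list of zones it could infect."""
    return {zone: sorted(blast_radius(allowed, zone)) for zone in ZONES}

if __name__ == "__main__":
    for name, rules in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name)
        for zone, reach in report(rules).items():
            print(f"  {zone:<13} -> {reach or 'nothing'}")
```

The search is transitive, so adding a single rule such as servers to pos would let an infection on a workstation reach the Point-of-Sale machines in two hops. The model only follows flows in the direction a connection is opened, which is a simplification.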

Network design is complicated, but that doesn’t mean it should be left to the IT department. Likening computer separation to social distancing hopefully shows the principle in a way that lets anyone in your business join a network discussion and ask questions at a high level, because security is everyone’s concern.

To further enhance security, much like segregation of duty in other roles, you should undertake an independent audit of your ICT environment regularly. This ensures you know you are on the right path, and that all key business stakeholders have clear visibility of, and confidence in, the network architecture and the appropriate business continuity plans in place.

Does your network design help protect you from threats in your network? Contact Wireless Communications to find out!