In today’s world of increasing competition for customers, some companies and individuals will stop at nothing to gain a competitive advantage. Sometimes this will include industrial espionage, and due to most companies increased exposure to the internet, this can take the form of corporate hacking and data theft.
When we design a corporate network for a client, we start by eliminating the basic security risks involved with fundamental internet access – i.e. internet access, and sending / receiving emails. For us this is a non-negotiable part of our network design stage, and once completed, our client is informed of further measures that can be taken to avoid unauthorised data access by third parties.
Since most companies tend to already have some form of corporate network, a lot of our new customers come to us for ideas on how to upgrade / expand their existing network, and not to simply install a completely new one. In these cases, or whenever we are called to consult on existing networks and offer support solutions, one of the first things that we perform is a security audit. This involves identifying the risks that each company is exposed to from their use of the internet or other public networks.
Once we have performed the security audit and implemented the measures that we have specified, we perform tests to verify the integrity of the solution we have offered. This takes the form of test-hacking or ethical hacking by a Certified Ethical Hacker (CEH) in order to certify that the solutions we have offered are effective in reducing or indeed eliminating the risk of unauthorised access.
Our experience has taught us that there are two main avenues of risk, and we offer solutions to prevent both:-
The first is external risk mainly via internet / public network exposure – a company may have a relatively relaxed policy of internet access for its employees, and this in itself can cause many security breaches and a general loss of productivity. The company could also be hosting a remote access server of some kind or a mail / web server inside its corporate LAN for access by employees when they are out of the office.
The second is the risk of internal data loss via a member of staff. This can take the form of unrestricted or unmonitored access to internal network resources (file shares, shared email folders etc.), or intentional data theft by an employee for whatever reason. Another form of internal risk is the explosion in the use of social networking sites. Nowadays, most employees use social media for personal and some for corporate use, the effect of this is that some employees, either intentionally or unintentionally may publish sensitive or confidential data pertaining to the work that they are doing, or research they are performing for their company.
This gives other companies a competitive advantage in recognising future products / services that their competitors may be involved in, and many times this is done purely accidentally by the original company, whose employee may have simply updated their social webpage profile with a project that they are working on.
We have developed a multi-layered approach to security though many years of experience in the field, working with small local companies with limited risk exposure, all the way through to companies with multi-site, remote access environments with high-risk exposure. The advantage that we offer to all of our clients is our knowledge in security risk assessment and reduction that we have gained through working with companies with high-risk exposure to hacking or other unauthorised access. We then use this experience to offer solutions to safeguard the data and integrity of all the networks under our support umbrella, from the smallest to the largest companies.