1... 2... 3... Security!

In the interest of providing clients with an accurate and easy to follow resource on network security I’ve planned a series of interviews from experts in the field about some of the overlooked basics of network security and why a secure system is so important for anyone running a digitally competent business. This week I sat down with BitFlip’s very own Director of Technology, Kelly Bond.

Kelly is an Ottawa based IT professional with a thorough understanding of his field and a passion for expanding his knowledge. He has a Bachelor’s of Information Technology (BIT) focussing on Network Technology from Carleton University as well as a diploma from Algonquin College for Information Technology.

Q: We hear the term “Network Security” thrown around a lot but experts never really stop to give a solid explanation of what that actually is, they just assume everyone knows. In your own words, what is Network Security and why is it important?

A: A network, when talking computers, is all of the connected devices (phones, computers, printers, etc) within your office. By connected, I mean these devices are linked to each other or to the internet. Network security is the protection of your devices from outside threats or from each other.

Asking why Network Security is important is like asking why you have locks on your doors. It is important to prevent unauthorized access to your information and ensure your devices’ data maintains integrity, confidentiality, and availability. Anyone running a business in this day and age uses a computer in some capacity. If that computer were to catch fire or be destroyed through other means, that would negatively impact that business. It would cost them money and time. The same can be said for the theft or loss of the data within that computer. Both have an equally negative effect on businesses and there are far fewer people trying to light your computer on fire then there are trying to break into it.

Q: Considering our small business clients, what would you consider to be the gold standard for Network Security?

A: Security is a multi-layer problem. You need to have protection from the outside to make sure nothing gets in, but you also need protection on the inside on every device. If you want to be smart about your security, you have to treat both the outside and inside as hostile. If I could have it my way, every office would have security on the network level (BitBox for example!), security on every single device (appropriate firewalls, anti-virus, and secure passwords), and policies in place to prevent unauthorized people from walking in with a laptop and infecting your whole system.

A common example of where network security should often be improved is guest wifi in an office - let’s say a doctor’s office. Commonly, small offices don’t have separate wifi for their guests. Their doctors and staff would be using the same signal. In this case, any patient or outside individual can sit down in the waiting room, pull out their phone, and with a few taps, be on the same network as the doctor’s computers. This could grant them access to patient files, payroll information, you name it! The solution is properly separated guest access. It should give your patients access to the internet - and nothing else.

Q: Where do you get your security news from?

A: The problem with sticking to any one media source is that the network security community is so distributed. One day Fortinet writes about ransomware as a service, on another it’s WikiLeaks with some Zer0-Days, or a hacker lecturing on breaking into a Jeep. I use multiple internet sources as well as mailing lists that are tailored to my interests and needs to stay up to date. @CVEnew is a great twitter account for lists of new common vulnerabilities and exposures. I also like to keep an eye on #netsec for recent network security developments and r/netsec.