Businesses can improve their network security by separating devices into groups based on who uses them and what data they have, and controlling how these subnetworks can talk to each other. While network segmentation is often used by larger organisations, it is relevant to smaller businesses and can help prevent the spread of malware and limit attackers’ access to important, and often sensitive, information.

In larger businesses, different teams may be segmented to help control who has access to information and prevent unauthorised access. For example, members of the sales team don’t need access to systems used by the finance team so they are assigned to separate subnetworks and can only access the data and services that they require. This also helps protect the finance team’s sensitive data from would be attackers as malicious software introduced by someone outside of the team is unable to reach their data.

Smaller businesses can also benefit from network segmentation. An obvious example is when businesses provide Wi-Fi access to customers and other guest users. It seems clear that guests should not have access to the business resources. Patients sitting a doctor’s waiting room should not be able to forage around the doctor’s network. A customer, contractor, or supplier asking for the Wi-Fi password to quickly check something online shouldn’t be able to accidentally introduce malware to the business. However, it is not uncommon for businesses to give out their Wi-Fi password without a second thought and potentially expose their devices, and in turn, their data to bad actors.

The security of any network with Internet of Things (IoT) devices, also known as smart devices, connected can be enhanced with network segmentation. These devices, such as smart sensors, lights, and thermostats, CCTV and security systems, telephones, virtual assistants, and manufacturing plant, are small computers that are often insecure making them easy to hack. Once attackers breach an IoT device they have full access to your network. They can then use the hacked device to attack other parts of your network. Isolating IoT devices stops them from accessing sensitive information and potentially holding it to ransom.

It is common for home offices to share a single internet connection between home users and the business. This can pose a high risk as home users and visitors, often young people, may not practice good internet hygiene and can spend a lot of time online, increasing the chance that their device could become infected with malware. Once infected, the malware can spend every moment the device is operational trying to gain access to your business data. The risk posed by insecure IoT devices is also very relevant for home office users as people increasingly add devices such as smart lights, power points, appliances, and virtual assistants to their home networks. Isolating your business devices from the home network is critical to ensure that your business information remains safe.

Network segmentation adds another layer of protection to help keep your devices and important information safe while ensuring it remains accessible only by the people given permission to use it.