"When it comes to networks, every
business should be constantly asking themselves one
question - How safe is our data, really?"
Network security is traditionally
about protecting your network from external attack.
Firewalls are put in place to stop unauthorised access
from intruders on the internet and various pieces of
anti-virus software are installed to protect our workstations
from incoming email that may be infected. There are
all kinds of precautions available to combat this type
of threat and an entire industry has grown around the
idea of securing your network resources.
However, businesses generally
overlook the risk of internal security threats. The
biggest threat to the security of network data comes
from people inside the organisation. Disgruntled staff
members can be extremely destructive to your data, which
can have significant effects on your business. Threats
of this nature are by no means only the domain of
corporate-style companies; small businesses are also open
to these threats, and the effects can be even more devastating.
One of my clients experienced this exact problem when
a departing employee deleted all of their email which
contained important communications from their clients.
One of my suppliers had a similar problem when their
network data was destroyed and they were forced to close
their business because of it. Disgruntled departing
employees can take confidential information to competitors
or delete important data as they leave.
The question is, how can you
protect yourself from these risks?
The answer can be quite simple.
Steps can be taken to protect important network data
by rationalising data access.
The first step: the development of a security policy
By defining who needs access
to what data we can set about managing data access and
thus exposure to risk. This can be as simple as making
sure everyone in your business has a unique and secure
password that only they know. If your data is centrally
managed, access can be controlled by user name, which
effectively controls unauthorised access to data.
If people only need to be able to read certain documents
then make sure they only have enough access to read
those documents and not to edit or delete them.
Implementation of this type of
policy is very simple with Network Operating Systems,
which allow 'permissions-based' access to shared data.
With Windows servers, for example, by right-clicking
on any folder and selecting 'Properties', folder attributes
can be managed. Clicking on the 'Permissions' tab allows
you to manage all access rights to the folder. Care
should be taken to ensure that the administrator always
has access to folders. A simple policy like this can
greatly reduce the internal security risk of a small
business by limiting how much damage can be done by
a single user. It is also essential that effective backups
are made of your critical data, including email, and
that these are kept off-site. Then, if any data is lost
or destroyed, it can be easily restored, reducing the
potential impact to your business.
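The same kind of policy can be applied and checked from PowerShell rather than
through the folder's Properties dialog. This is an added example, not part of
the original article; the folder path and the two group names are hypothetical
placeholders to replace with your own.

```powershell
# Hypothetical placeholders: substitute your own folder and groups.
$Folder  = 'D:\Shares\ClientFiles'
$Readers = 'EXAMPLE\Sales-Staff'        # only needs to read documents
$Editors = 'EXAMPLE\Account-Managers'   # needs to edit and delete

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$noProp  = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

function New-AllowRule {
    param([string]$Identity,
          [System.Security.AccessControl.FileSystemRights]$Rights)
    # Rule applies to the folder, its subfolders and its files.
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, $inherit, $noProp, $allow)
}

$acl = Get-Acl -Path $Folder

# Stop inheriting permissions from the parent and drop the inherited entries,
# so the folder carries only the rules defined here.
$acl.SetAccessRuleProtection($true, $false)

# Remove any explicit rules left over from earlier ad-hoc changes.
foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    [void]$acl.RemoveAccessRule($rule)
}

# Administrators (and the operating system) always keep full access.
$acl.AddAccessRule((New-AllowRule 'BUILTIN\Administrators' 'FullControl'))
$acl.AddAccessRule((New-AllowRule 'NT AUTHORITY\SYSTEM'    'FullControl'))
# Staff who only read documents cannot edit or delete them.
$acl.AddAccessRule((New-AllowRule $Readers 'ReadAndExecute'))
$acl.AddAccessRule((New-AllowRule $Editors 'Modify'))

Set-Acl -Path $Folder -AclObject $acl

# Audit: list every account that is still allowed to delete from this folder.
$delete = [System.Security.AccessControl.FileSystemRights]::Delete
(Get-Acl -Path $Folder).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   ($_.FileSystemRights -band $delete) } |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

The audit at the end should list only Administrators, SYSTEM and the editors
group; any other account that appears can still delete data in the folder.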
It doesn't take much to provide
effective security to your internal network, but it
is an often overlooked aspect of IT management. Make
sure that the only people with access to data are those
that need it to do their job.
Jasper Rowe is the director of
Solutions Network Integration, a partner of Freestylemedia,
a company specialising in the IT support of small business.
For more information on securing your internal data,
just email news@freestylemedia.com.au