Separate IT networks are not a security solution

The philosophy of using two IT systems is that users are less exposed to malware via personal e-mail, social media or other software or applications. The idea is that one network is for personal use and another network for business. However targeted attacks are a much bigger problem for your business.

In theory it is a good idea to use two IT systems. One IT system that is securely shielded for work and one for all other issues which need to be dealt with when staff use an IT system. Staff can do their work on a locked and limited system that involves less risk to your organisation. On the other system staff can check their e-mail and use social media.

This is not a new trend. This setup has been around for as long as computers themselves have been used. Such systems could indeed reduce a security risk. However it is a very expensive way to secure your IT system. Twice the hardware, licenses, support costs and extra work for the IT department. The cost is will have most companies abandon this plan.

The idea of buying and supporting two PCs is still cheaper than paying for a ransomware attack. We can all agree with that however asking management to spend twice as much to exclude a hypothetical risk is hard to sell.

Hackers focus on the corporate system

A big reason that this separate IT system doesn’t work is that attackers don’t care if systems are separated. They focus on the business system of specific companies or individuals. The extra security of protecting your IT infra structure against attacks by using two IT systems is very small.

Business Email Compromise (BEC) is a good example. By taking over an account from a trusted person outside the organisation phishers can send an invoice with their own account as the recipient and the victim pays from the business account. Victims are not exposed to this through their personal e-mail, browsing or social media but through their business system.

There are more and more examples of BEC scammers who use an inherited account to fool victims. The criminals then attack a business partner that you have been working with for years. The email arrives in the same format and style that you are used to with perhaps a small change, for example the account to which invoices should be paid to. They are clever enough to make such a change with just a small invoice so that the victim is less wary and implement this change to their own payment records.

The scammer creates an e-mail rule on the system of the inherited account to ensure that e-mails are deleted from the legitimate source so that both the external party and the victim do not realise that they are being scammed. When the scam with the small amount has been successful the scammers ask for a large sum of money. Nobody realises that something is wrong until the creditor complains after a few weeks or months why payment hasn’t been made. BEC fraud is starting to become so organised that it is difficult to notice.

Article continues under image

Separate IT networks are not a security solution

Virtualisation is a cheaper alternative

The value of separate IT systems is in shielding a system when a rogue website is visited. There are alternatives to physical separating two computers. You can build an environment that separates all internet traffic and e-mail from the rest of the business network. Various software products virtualise browsers, e-mail clients and entire operating systems to prevent rogue attacks. Products that perform partial virtualisation do not offer as much protection as virtualisation of the entire operating system but they offer protection against most common attacks.

Many organisations use virtualisation to protect staff internet and e-mail traffic with something like Citrix. Users then only have to click on an icon and instead of running the regular program a separate instance of the same program is started.

Tech-Wales IT for Business

At Tech-Wales we offer excellent and customer friendly business IT support. Our friendly and highly trained staff can upgrade or build a safe and secure business IT structure tailor made for your business. We are experts in cyber security and will ensure your business IT structure is safe from unwanted attacks. Feel free to contact us to discuss your business IT system.