Security and connectivity are the two most important factors for business internet services. Your business needs to be connected to the outside world so your people can work productively, you also need to know the data travelling along your internet connection (be that phone calls, video calls, emails, collaborative documents, employee log in details) remains secure and uninterrupted at all times.
As we’ve written about in a previous blog, business customers have two main options for internet connectivity: broadband internet or a leased line. A leased line is a dedicated telephony and internet connection that’s always active and available for the sole use of your business. (This is different to broadband internet, which is shared by other users, which can reduce data speeds at peak times).
A leased line tends to be the best option when you transfer a lot of data and you need consistently fast data transfer speeds. For example, an office of more than 20 people using VoIP and/or sharing large files will notice the difference when using a leased line compared to broadband.
What are the security implications for leased lines?
So far, this blog has outlined the connectivity considerations of using leased lines. In terms of security, leased lines are generally considered more secure than broadband, because they offer a dedicated (or private) line. When a leased line is used with an appropriate router and firewall settings (thereby preventing unauthorised users from connecting to the line), it will be more secure than a broadband connection.
However, it is still important to note that leased line technology is not specifically designed to answer security concerns. Leased lines are designed to offer greater connectivity speed and reliability than broadband, and their security benefits arise from the privacy of the dedicated connection. There is no data encryption built into a leased line so if a hacker did gain access, in theory they would be able to ‘see’ your data. If data security is a particular concern for your business, it’s worth learning more (or asking your friendly, local IT suppliers) about the potential security risks for leased lines and what other security services you may need.
Security risks of leased lines
The main security risks for leased lines are as follows:
- Wiretapping – a physical connection to your line that could be at your offices, at manholes through which your connection passes or at undersea cable landing stations.
- Hacking your leased line provider – which requires specialist networking knowledge to be effective.
- Distributed denial of service attack, where hackers overload the hardware servicing your leased line circuits (i.e. hardware owned by your provider).
- An attacker intentionally cutting a cable that carries your leased line circuit, though your provider would swiftly pick this up, as they continuously monitor their services.
- Unintentional damage to the cable, due to manual work carried out in the street. This is the most likely scenario, but it’s a risk to the security of your connection, not to the security of your data itself.
As you can appreciate, each of the above scenarios (with exception of unintentional damage) are either relatively high risk or relatively expensive for the attackers. As a result, they’re likely only to attempt these if they know they’ll access highly valuable data. For most small to medium businesses the risks of the above aren’t non-existent, but they are relatively low.
In the possible scenario of accidental damage, this is actually a far bigger risk to business connectivity than it is to business security. The ideal mitigation strategy is to have a back-up leased line or internet connection, and whether or not this is worth the extra cost depends on your business requirements.
Practical considerations for leased lines
While leased lines are relatively secure, there are two other important points which are worth considering together.
- What is the entire data transmission path and where is the lowest security point on that path?
- What is your budget for telephony and connectivity?
If you have a leased line for your business premises you also need to consider how employees will connect to your business network if they’re offsite. Remote workers connecting from home will almost certainly be using their home broadband, which means they’ll be sending data, including their log-in credentials, using a shared connection. No matter how much of your network is protected by a leased line the overall network security is only as strong as the weakest link: in this case, your remote employee connections. This links to the second consideration above: is it affordable to install a leased line for each employee to access your business systems? Probably not. Another option will be far more practical, not to mention affordable.
Designed for security: Virtual Private Networks (VPNs)
A Virtual Private Network uses a connection you already have (for example, broadband, mobile network or a leased line) and provides encryption and authentication. Unlike leased lines, which aren’t specifically designed for security, the job of a VPN is to provide security by encrypting your data when it is transmitted and authenticating uses who are receiving your data, to ensure they are authorised to access it. Because of the encryption, if an unauthorised attacker does manage to access any of your data transmissions, all they would have are meaningless strings of alpha-numerical data which are worthless.
In many business contexts, leased lines are used in combination with VPNs to provide both excellent connectivity and excellent security. An ideal use for a VPN is to provide security for connections between different office sites or when an employee remotely connects to your business network and systems.
At ITS we are happy to advise on what is most appropriate for your specific business and its requirements. This means you can avoid paying for services that aren’t necessary for your business, while also knowing your business data is secure enough for your purposes.
Other security considerations
VPNs are designed to provide security for your data. One class of risk they can’t protect against, however, are attacks that trick your employees to visit compromised websites and/or download malware with the goal of harvesting their log-in information. This risk remains whether you use a leased line, a VPN or both together. These kinds of attacks are by far the cheapest and easiest ways for hackers to access sensitive data.
To combat this kind of security risk, it’s imperative to raise awareness of phishing and other tactics among your employees. We also advise making use of two-factor authentication, always using strong passwords which are changed regularly and educating your people, so they understand why these measures are so important.
Need support to strengthen your cybersecurity? We can help – please get in touch.
Easily navigate the security risks for your data
Contact ITS for advice from our friendly, expert team on the latest and most cost-effective mitigation strategies for keeping your data secure. Our team are always happy to help.