Communications, Networking and Security
Communications, Networking, and Security are fundamental components of contemporary business operations, enabling organizations to exchange data and information swiftly and accurately. As businesses increasingly rely on computer networks to facilitate communication within and outside their operations, they can enhance efficiency and responsiveness in a global marketplace. This interconnectedness supports a range of activities, from managing inventory and customer relationships in small businesses to handling sensitive financial data in banking and coordinating complex projects in engineering firms.
However, the reliance on these technologies introduces significant security risks. Networks are vulnerable to various threats, including external cyberattacks and internal breaches, which can compromise data integrity and organizational reputation. Effective network security involves implementing safeguards to protect against unauthorized access, data theft, and system sabotage. Organizations must also be aware of evolving risks, such as insider threats and malicious software, which can disrupt operations and lead to costly consequences.
To navigate these challenges, businesses are encouraged to adopt comprehensive security measures, including firewalls, encryption, and strict access controls. Overall, mastering communications, networking, and security is not just a technological concern; it is essential for maintaining trust and competitive advantage in today’s fast-paced digital economy.
Subject Terms
Communications, Networking and Security
Abstract
One of the keys to success in most twenty-first-century businesses is the ability to exchange data and information quickly and accurately. Networks of computers enable organizations to better perform their tasks and meet the needs of their customers. Networks are particularly useful for enabling the fast transmission of messages, information, and documents and for allowing virtual meetings over long distances. Such technologies are not without their drawbacks, however. Networks are at risk from numerous threats, both internally and externally. Although network threats continue to evolve, there are general precautions and specific technologies that can be used to reduce network security risks.
Overview
Most organizations need to be able to access data and communicate within the organization or between the organization and outside agencies. The dry cleaner on the corner needs to be able to quickly locate the customer's contact information as well as the customer's clothes. The mom-and-pop grocery store needs to know what items it has in stock and what items it needs to order, and to communicate with suppliers so that it can continue to serve its customers. Banks need access to multiple types of sensitive personal and financial information about their customers and be able to account for every cent in a customer's account. Engineering firms need to be able to share and coordinate information between employees and work teams, order supplies and equipment, and communicate with customers and government agencies. No matter the type of organization, information management and communication are vital to success in the twenty-first century. Modern technology offers organizations better ways to communicate and manage and exchange information than ever before. The ability to network or electronically link computers together further enhances the organization's ability to optimize these technologies to enhance performance and improve viability in the marketplace. In the information age, communications networks have become a necessity for most businesses to facilitate information flow, reduce data transmission time, and enable employees across the company or across the globe to work together more effectively.
There are compelling reasons for the use of communications networks in organizations. One of these is the trend toward globalization in which businesses no longer operate only locally but have customers and operations across the world. This trend creates an interconnected, global marketplace operating outside the constraints of time zones or national boundaries. To be successful in the global marketplace, businesses also need to be able to communicate and exchange information outside of these constraints.
In addition, the increasing use of high-speed communication technologies for information exchange has changed the expectations in many industries. Businesses are no longer willing to wait for information to be delivered via the mail but need and expect it immediately to keep their processes going. The increasing ability to communicate has also resulted in enterprises becoming more aware of what is going on in other departments and functions within the organization as well as forming strategic alliances with other enterprises for their mutual benefit. This trend extends to suppliers and agencies that have an impact on the enterprise's functioning.
Communications networks can be used for these purposes. One of the most common uses of network capabilities is the electronic transmission of messages and documents. These capabilities include e-mail, voice mail, electronic document exchange, electronic funds transfer, and Internet access. In addition, communications networks can be used for purposes of e-commerce to buy and sell goods or services, including products and information retrieval services, electronically rather than through conventional means. Networks also support group activities, such as the ability to hold meetings with participants at geographically dispersed sites. Audio and videoconferencing capabilities combined with electronic document exchange capabilities can obviate the need for extensive travel to meetings.
Although data communications and networking bring capabilities to businesses that enhance performance and allow them to do things that were previously more laborious and time-consuming, the use of this technology is not without its risks and complications. Without adequate safeguards in place, networked computers are open to both external and internal attacks. Such attacks can affect the validity of data, the reliability of network processes, and harm not only the organization's reputation and ability to do business but the customer's security and safety as well. The impact of security breaches on the customer can range from false charges to the theft of sensitive information or even identity theft of the individuals whose data are contained in compromised databases. Therefore, it is essential that a business protect its information technology assets. The destruction or sabotage of information technology hardware, software, or data can be expensive for the organization. However, software not only can be erased, it can also be altered or corrupted so that it produces invalid results or so that the system becomes unreliable or unusable.
Threats to the enterprise's network security can come not only from external hackers who gain access to the system illegally but from the business's own employees as well. An example that gained widespread notoriety in 2023 was the extraction of classified government material from a secure network and its dissemination to a global audience. This was done by Airman Jack Teixeira of the Massachusetts Air National Guard. In what has been reported as an activity Teixeira’s engaged in for a number of years, Teixeira was accused of downloading this material and making it available to a gaming community on the computer application called Discord. What this incident demonstrates is that regardless of the electronic security measures put into place by an organization, “insider threats” will always exist.
Another way in which computer systems and networks can be vulnerable is through computer viruses and worms. These are malicious programs or pieces of code that are loaded onto a computer without the user's knowledge and against the user's wishes that alter the way that the computer operates or that modify the data or programs that are stored on the computer. Simple viruses can self-replicate and use up a computer's memory or otherwise slow down or disable a computer; more complex viruses can transmit themselves across networks and bypass security systems to infect other computers or systems, corrupting or erasing programs or data. Computer viruses can be loaded onto the computer intentionally by internal or external hackers, but also through the receipt of infected email attachments.
A business or enterprise may become susceptible if sufficient security measures are not in place. One category of computer crime involves the unauthorized entry of criminal hackers into the enterprise's computer system. Piggybacking is one type of crime in this category. In piggybacking, the criminal uses the codes or passwords of an authorized user to gain illegal access to the system. Piggybacking is also used to refer to the unauthorized use of a terminal in the system. Another type of computer crime involving illegal access is entry through a trapdoor. These are unknown entry points into a program or network that allow criminals to gain access to and control the system.
A second category of computer crime involves intentional damage to the system's data. Data diddling involves the changing of data and information before they enter the system. As opposed to honest mistakes or keyboarding errors, data diddling is intentionally done with the purpose of damaging the ability of the enterprise to do business. Similarly, data leakage is the intentional erasure or removal of files or even entire databases from a system without leaving any trace that they have been removed or even that they existed. Data leakage can result in cost to the enterprise in the recovery or replacement of the lost data as well as from loss of customers’ confidence due to errors resulting from the data loss. Customers can also be harmed from data leakage if the leakage results in receipts or credits not being posted correctly or at all. Another way in which the enterprise's communications networks can be harmed is through zapping, the process of damaging or erasing data and information. Scavenging is another type of crime in this category. It involves searching through the physical trash can in the computer center or the electronic trash can in the computer to find discarded data or other information about the system's programs or processes. Zapping typically occurs as a result of the criminal bypassing the enterprise's security systems.
Another category of computer crime revolves around the attempt to steal or capture data in the enterprise's systems. Eavesdropping is the use of electronic surveillance devices to either listen to or capture the content of electronic transmissions. Similarly, wiretapping is the use of any device to capture data during transmission electronically or to listen to conversations that take place over the network. Both wireless transmissions and those that occur over copper wire are susceptible to wiretapping. In addition, small amounts of the enterprise's data can be captured or rerouted through salami or data slicing. This crime involves the development or modification of software to capture small amounts of financial transactions and redirect them to a hidden account. Because the amounts ("slices") are so small, they typically go unnoticed. However, over time, a large volume of small losses can yield a significant amount of stolen money.
Computer criminals often are not out to steal data or money from the enterprise but merely to sabotage its computer systems. Logic bombs are programs designed to sabotage data, programs, or processes. Logic bombs are set to execute when certain conditions exist in the system. Similarly, time bombs are programs that monitor the computer's internal calendar and execute on a specific date. Trojan horses are programs that look as if they perform one function but do something else. Although Trojan horses appear to be harmless applications, once they are loaded into the computer, they wreak damage.
Because of the potential for external and internal attacks, information technology systems need to address several levels of security issues. In general, the enterprise needs to protect its information technology resources from both intrusions by forced, unauthorized entry into the system as well as interception and capture of data by unauthorized personnel. The security of the computer centers and other rooms where information technology processing activities take place and data and other resources are stored must be ensured. This includes the security of equipment and facilities. Unauthorized users need to be denied access through security protocols and procedures. Similarly, the security of both the data and application software needs to be considered. The enterprise needs to put into place security procedures to limit access to data and processes for those who do not need to access them. In addition, communications networks, access to the Internet, and any intranets or extranets must be carefully controlled to limit the potential for viruses and other opportunities for hackers.
Applications
General measures can be taken to help protect the enterprise and its communications networks from security breaches. An obvious first step is to hire trustworthy, reliable employees who will not sabotage the system or steal data and who will safeguard the system from possible intruders. To assist employees in this task, however, other general policies and procedures can be put in place to help reduce the risk of computer crime. The enterprise's computer networks should only be accessible using a codeword and password. Employees should keep these confidential and not allow unauthorized access to their terminals. Employees should be encouraged to report any suspected security breaches immediately. In addition, it is often helpful to set up the system so that it requires users to change their access passwords frequently. For situations where sensitive, classified, or otherwise restricted data are stored, used, and processed, in some cases, it is cost-effective to use biometric devices such as retinal, fingerprint, or palm scanners. Such devices are extremely difficult to access without authorization. Similarly, many organizations set up security procedures to control who is allowed to gain access to the system and the data. Employees should be educated on the importance of data and system security, the ways that computer criminals gain access to systems, and guidelines on how to respond when unauthorized access is suspected.
Other ways to keep data secure include not allowing users unlimited access to the system. Users should only be able to access the data and functions they need to use for their jobs. For those functions that are critical in value or risk, procedures can be set in place so that more than one authorized employee is necessary to gain access to those functions or data. In addition, data can be scrambled, coded, or otherwise encrypted to make it more difficult for potential hackers to use them. Similarly, network and database administrators should be given separate responsibilities for controlling system access. In some situations, it can also be helpful to keep a record of all transactions and user activities and the person responsible for each. From time to time, the system should also be audited by an independent party. In an audit, the transactions and processing should be analyzed to determine if there were any unauthorized activities and what impact transactions and processing had on the integrity of the system.
There are specific measures that an enterprise can take to reduce the possibility of experiencing as security breach. Virus protection software comprises special application programs that scan the computer to detect or intercept viruses before they gain access to the computer. There are two types of virus protection software. Scanning programs search the computer's memory for viruses, typically notifying the user if any are found. The user can then use the software to destroy the virus and repair any damage if possible. Detection or interception programs monitor the computer's processing and stop viruses from accessing and infecting the computer. Another way to prevent damage from viruses is through digital signature encryption. This technology transmits a mathematically encoded signature that can be used to authenticate the identity of the individual sending a message.
Another application of encryption technology is to code data transmissions so that they cannot be easily intercepted by hackers or other computer criminals. One way to encrypt data is by public key infrastructure. This technology uses an algorithm to create a public and a private key. The private key is given only to the requesting enterprise, whereas the public key is a searchable directory. To transmit a message, the sender searches a digital certificate directory to find the recipient's public key and uses it to encrypt the message. The message is decoded by the recipient using the private key. Security credentials and public keys are issued and managed by an independent certificate authority. Messages can also be encrypted by a "pretty good privacy" (PGP) program. This program is available as freeware or shareware and works with most popular email programs. The public key is part of the program and is registered with a pretty good privacy server. A third option for data encryption is using a virtual private network. This technology uses a public telecommunications infrastructure to provide secure communications between individual users or between the enterprise and remote locations.
Firewalls are another security measure employed by many enterprises. A firewall is a special-purpose software program or piece of computer hardware that is designed to prevent authorized access to or from a private network. Firewalls are often used to prevent unauthorized access to a private network from the Internet. The firewall is located at the network gateway server and examines incoming messages to determine their origin, destination, purpose, contents, and attachments before making the decision whether to forward the message to the intended recipient. Although firewalls are useful for protecting against intruders, they often filter out executable programs or attachments of excessive length on the assumption that they may contain harmful content. Historically, firewalls have been separate application programs loaded onto a system. Increasingly, however, they are being built into operating systems and communication devices.
Another information technology security device is the proxy server. These devices are an intermediary between a personal computer and the Internet. They separate the enterprise network from the Internet or other outside networks. Proxy servers are often used in tandem with firewalls. When they receive a request to access the Internet, they determine whether the user is allowed to make the request and then look to see if a copy of the requested web page is stored in the cache. If the web page is stored in the cache, it is sent to the user; otherwise, the server requests the page from the Internet.
Future Trends
According to Forbes, by 2025 cybercrime is expected to inflict $10.5 trillion in damages. Open source code, which is software made readily available for modification, is described as an avenue where hackers can easily access and exploit software vulnerabilities. Open source accounts for 73% of all code, and 84% of the code bases which employ it are at-risk. Among the dangers associated with new technologies such as Artificial Intelligence (AI) will be its inevitable hijacking at the hands of hackers.
Terms & Concepts
Cache Memory: Special high-speed random access memory that temporarily holds frequently used data or information.
Firewall: A special-purpose software program or piece of computer hardware that is designed to prevent unauthorized access to or from a private network. Firewalls are often used to prevent unauthorized access to a private network from the Internet.
Hacker: Although the term is used by some to refer to any clever programmer, it is used specifically to refer to an individual who attempts to break into a computer system without authorization.
Information Technology: The use of computers, communications networks, and knowledge in the creation, storage, and dispersal of data and information. Information technology comprises a wide range of items and abilities for use in the creation, storage, and distribution of information.
Local Area Network (LAN): Multiple computers that are located near each other and linked into a network that allows the users to share files and peripheral devices such as printers, fax machines, and storage devices.
Metropolitan Area Network (MAN): Computer networks that transmit data and information citywide and at greater speeds than a local area network.
Network: A set of computers that are electronically linked together.
Security: The process of safeguarding and protecting the data, hardware, software, and processes of a business's information technology assets.
Virus: In computer science, a virus is a program or piece of code that is loaded onto the computer without the user's knowledge and against the user's wishes that alters the way that the computer operates or that modifies the data or programs that are stored on the computer. Simple viruses can be self-replicating and use up a computer's memory or otherwise disable a computer; more complex viruses can transmit themselves across networks and bypass security systems to infect other computers or systems.
Wide Area Network (WAN): Multiple computers that are widely dispersed and that are linked into a network. Wide area networks typically use high-speed, long- distance communications networks or satellites to connect the computers within the network.
Bibliography
Brooks, C. (2023, Mar. 5). Cybersecurity trends & statistics for 2023; what you need to know. Forbes. Retrieved June 12, 2023, from https://www.forbes.com/sites/chuckbrooks/2023/03/05/cybersecurity-trends--statistics-for-2023-more-treachery-and-risk-ahead-as-attack-surface-and-hacker-capabilities-grow/?sh=7b6b125b19db.
Dey, D., Lahiri, A., & Zhang, G. (2012). Hacker behavior, network effects, and the security software market. Journal of Management Information Systems, 29, 77–108. Retrieved November 26, 2013 from EBSCO online database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=83778605
Gupta, A., & Zhdanov, D. (2012). Growth and sustainability of managed security services networks: An economic perspective. MIS Quarterly, 36, 1109–A7. Retrieved November 26, 2013 from EBSCO online database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=83465896
Juels, A., & Oprea, A. (2013). New approaches to security and availability for cloud data. Communications of the ACM, 56, 64–73. Retrieved November 26, 2013 from EBSCO online database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=88141518.
Lucas, H. C., Jr. (2005). Information technology: Strategic decision making for managers. New York: John Wiley and Sons.
Mangili, M., Martignon, F., & Paraboschi, S. (2015). A cache-aware mechanism to enforce confidentiality, trackability and access policy evolution in Content-Centric Networks. Computer Networks, 76126–145. doi:10.1016/j.comnet.2014.11.010. Retrieved December 3, 2015, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=100172999&site=ehost-live&scope=site.
Prince, B. (2014). Cybersecurity. Forbes, 194, 136–142. Retrieved November 5, 2014, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=98671704.
Security of the Internet and the Known Unknowns. (2012). Communications of the ACM, 55, 35–37. Retrieved November 5, 2014, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=76246878.
Senn, J. A. (2004). Information technology: Principles, practices, opportunities (3rd ed.). Upper Saddle River, NJ: Pearson/Prentice Hall.
Strauss, K. (2015). How small businesses can improve their cyber security. Forbes.com, 8. Retrieved December 28, 2016, from EBSCO online database Business Source Ultimate. http://search.ebscohost.com/login.aspx?direct=true&db=bsu&AN=108779819&site=ehost-live&scope=site.
Toler, A., Browne, M., and Barnes, J. (2023, Apr. 21). Airman shared sensitive intelligence more widely and for longer than previously known. The New York Times, Retrieved June 12, 2023, from https://www.nytimes.com/2023/04/21/us/politics/jack-teixeira-leaks-russia-ukraine.html#:~.
Suggested Reading
Engebretson, D. (2004). The beginnings: Beyond the PC. Distributing & Marketing, 34, 74–76. Retrieved May 14, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=14161943&site=ehost-live.
Hui, K.-L. , Hui, W. , & Yue, W. T. (2012). Information security outsourcing with system interdependency and mandatory security requirement. Journal of Management Information Systems, 29, 117–156. Retrieved November 26, 2013 from EBSCO online database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=85985315.
Kamens, M. (2007). Making user access policies work for you. Network World, 24, 33. Retrieved May 16, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=24605995&site=ehost-live.
McPherson, D. (2007). IP network security: Progress, not perfection. Business Communications Review, 37, 54–58. Retrieved May 14, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=24345324&site=ehost-live.
The practice of network security monitoring. (2014). Network Security, 2014, 4. Retrieved November 5, 2014, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=99067788.
Sax, D. (2016). State-of-the-art safeguards. Bloomberg Businessweek, (4467), 51–52. Retrieved December 28, 2016, from EBSCO online database Business Source Ultimate. http://search.ebscohost.com/login.aspx?direct=true&db=bsu&AN=113631090&site=ehost-live&scope=site.
Stallings, W. (2013). Business data communications: Infrastructure, networking and security. (7th ed.). Boston, MA: Pearson.