Network Security – Not with a P2P network!

Most small business networks grow and evolve as the business grows. In a way, this is good. It shows that the business is growing, getting stronger. Unfortunately, from a network perspective, it may be a disaster in the making.

Most small business networks are set up in a peer-to-peer (P2P) format. By contrast, large corporate networks are set up in a domain format. What does this mean to you?

First, let’s define the two network formats. In a P2P format, each PC is responsible for its own security access. Basically, each PC is the same as any other PC on the network. These networks typically consist of fewer than ten computers and require a large amount of administrative overhead to function securely.

In this format, the attitude of the user population is of paramount importance. If your users have a high level of security awareness, your network will be more secure; if not, your network will be open to internal exploitation.

You can see the problem. Ten computers and ten administrators add up to little responsibility.

In a domain system there is a single point of administration, your network administrator. He is responsible for maintaining the network.

A network set up in this format consists of at least one server, a domain controller, to manage the rest of the network. This domain controller manages user and computer access, freeing the network administrator from the need to touch every PC on the network.

When a user logs into their PC on a P2P network, they only authenticate to that PC. On a domain system it is a bit more complicated.

In a domain system, when a user logs into her computer, her login ID is first verified with the domain controller. If her ID is found, she is granted access to the network resources assigned to her. She is then allowed to log in to her desktop. If her ID is not found, then she only has access to her local PC.

Now that you know a bit about the two network structures, you can see the advantages of domain design.

As stated above, this format requires planning to achieve. You need to sit down and outline what you want your network to accomplish.

Consider what access your users really need to do their jobs. In the world of computer security, this is called granting the least amount of access necessary to get the job done. Do your sales reps really need access to your financial files? What about external providers?

All of this needs to be thought through and addressed.

Here’s an example of how I set up a small sales organization. This business consisted of about eight employees and the two owners. With the help of the owners we defined three groups of users.

The owner group was granted full and complete access, while each of the other groups received lesser and different access. The management group received access to financial and administrative functions, and the sales group received access to customer and sales management data. Specifically, the sales group was excluded from financial, administrative and property functions.

Additionally, we set up auditing of successful and failed attempts to view certain types of data. We did this to add a layer of accountability to the network. This increases the security of your customer data because we can now know who accessed the data and when.
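
The group-based access and the success/failure auditing described above can be modeled in a few lines. This is an added sketch, not the configuration used for that client; the user names, category names, timestamps and the choice of which categories are audited are assumptions made for illustration.

```python
from collections import Counter

# Group -> data categories it may use, following the article's three groups.
# Category and user names below are assumptions made for this sketch.
ALL = {"financial", "administrative", "customer", "sales"}
POLICY = {
    "owners": set(ALL),                            # full access
    "management": {"financial", "administrative"},
    "sales": {"customer", "sales"},                # no financial/administrative
}
MEMBERS = {"olivia": "owners", "mark": "management", "sam": "sales"}
AUDITED = {"financial", "customer"}  # categories whose access attempts are logged


def request_access(user, category, when, log):
    """Default-deny check against the central policy, with success/failure audit."""
    group = MEMBERS.get(user)                      # None if the ID is unknown
    allowed = category in POLICY.get(group, set())
    if category in AUDITED:
        log.append({"when": when, "user": user, "category": category,
                    "allowed": allowed})
    return allowed


def who_and_when(log, category):
    """Successful accesses to one category: who accessed it, and when."""
    return [(e["user"], e["when"]) for e in log
            if e["category"] == category and e["allowed"]]


def failed_attempts(log):
    """Denied attempts per user, for periodic review."""
    return Counter(e["user"] for e in log if not e["allowed"])


def run_sample():
    """Replay a few constructed requests and return the audit log."""
    log = []
    requests = [  # constructed sample data
        ("sam", "customer", "2024-03-01T09:12"),
        ("sam", "financial", "2024-03-01T09:15"),
        ("mark", "financial", "2024-03-01T10:02"),
        ("olivia", "customer", "2024-03-01T11:30"),
        ("guest", "customer", "2024-03-01T12:00"),       # ID not in the directory
        ("mark", "administrative", "2024-03-01T12:05"),  # allowed, not audited
    ]
    for user, category, when in requests:
        request_access(user, category, when, log)
    return log
```

Because denied attempts are recorded alongside successful ones, the log shows both the sales user's blocked request for financial data and the request from an ID the directory does not know.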

Network security personnel know that most network security breaches occur from within.

In my experience, most small businesses use the P2P format because it is the easiest to implement and because they are unaware of the security compromises they are working under.

This can be a time bomb for your business. Eventually, you will experience a security lapse that could land you in court.

For example, you have an employee who leaves your business. This employee downloaded all of your customer data before leaving. He then sells this data to someone who uses it to steal the identities of several of your clients. Eventually, this theft is discovered and traced back to your former employee.

Your former clients, in totally justifiable outrage, take you to court, accusing you of negligence. Specifically, they hold you responsible for failing to safeguard their personal information.

Your case will be much stronger if you can show that you have positive control of your network. You can point to your security procedures: employee login auditing, security updates, acceptable use agreements, etc. In short, you can show that you've taken the steps a reasonable person would take to protect your network and customer data.

Hopefully, your attorney can then place the blame squarely where it belongs: on the employee who stole the information in the first place. Ask your lawyer about this! Don't take my word for it, I'm not a lawyer.

Remember, network security is the result of planning, not haphazard improvisation. Give your network the same attention you give the rest of your business.

If you don't have the skills or time to be your own network administrator, you can hire someone to do this part-time. Just make sure they are reputable; you are putting your business in their hands.