The first personal computer (PC) virus detected in the wild was Brain; it was identified in 1986, created by two brothers in Pakistan (Kersten, 2013). Earlier PC viruses, those released in the 1980s and 1990s, were easier to detect than their current counterparts, less malicious, and easier to remove. Since the 1980s, computer viruses have increased in their complexity, and their maliciousness (Taylor, Fritsch, & Liederbach, 2014). Information technology (IT) professionals are tasked with, among other things, keeping computer networks secure.
One of the components of ensuring a secure network is mitigation of the risks associated with networked systems. The steps taken to mitigate risks on a network will depend largely on the type of network, the type of work the network owners engage in, the activities completed on the network, and the number of users of the network (Fenz, Heuriz, Neubaur, & Pechstein, 2014). In spite of the many variations that can affect or influence the actions taken to mitigate risk on a network, there are certain basic steps that, if completed, work to decrease the amount of risk present to the network itself. Implementation of these actions, to one degree or another, works to protect the security of the network and the resources of the organization.
Every network is different. In order to know how to best secure a network, the first action that every IT professional tasked with network security should complete is a risk assessment on the network. A risk assessment is a process through which an IT professional analyzes the network to identify the potential areas in which potential harm could befall the network (Singhal & Ou, 2017). Following the identification of the different risks, the IT professional must design a plan that will enable him or her to decrease the likelihood of harm occurring as a result of the given risk.
Risks can manifest themselves in a variety of ways, including ease of access to the network, the use of personal devices by employees on the network, and even from the ease through which computers can be accessed by non-personnel. If network access does not have even a basic password requirement, the security of the network can be compromised, as this enables anyone to be able to make changes while being connected to the network.
If employees are able to connect personal devices to the network, and those employees are not versed in basic computer security, this could serve as an access point through which viruses or malicious software are transferred to the network, posing a problem for the organization. Still further, if the building does not have strong physical security, such as the presence of computers in areas not accessible by the public, versus computers easily accessible by simply walking in the front door, this too can create a problem, as anyone with malicious intent could install something on the computer that could compromise the network’s security.
Before a determination can be made regarding the actions that must be taken to mitigate potential risks to the network, the risk assessment should be completed. Yet, the completion of a risk assessment and the creation of a plan designed to address those risks are not the only actions that should be taken to secure a network. Organizations should also have, at the very least, basic procedures and protocols for network use that all employees must agree to follow and network monitoring should be present, allowing for the identification of any potential issues on the network before too much damage is done to the network. Awareness of the network, its users, its capabilities, and its virtual and physical limitations are all vital components of ensuring that the network remains as secure as possible.