Most conversations about business security focus on what's being stored — servers, cloud backups, databases, email archives. Firewalls, antivirus, access controls, multi-factor authentication. These are all important. But there's an aspect of security that gets less attention, and it's just as real: the security of your data while it's moving between your people and your systems.

Every time a staff member accesses a file server, pulls up a cloud application, or connects to a remote desktop, that data is travelling across a network. The question of how secure that journey is depends heavily on the type of connection being used — and it's a question worth asking.

Your network choice affects your attack surface

The term "attack surface" refers to all the different ways a business can be compromised. Most organisations focus on the obvious entry points — their website, their email, their staff clicking on malicious links. But the network your staff use to access your systems is also part of that surface.

The clearest example is public Wi-Fi. When someone at your business uses a café or airport Wi-Fi to access your systems, the risks are significant. You have no visibility into who else is on that network, who runs it, or whether traffic is being intercepted. Even a basic man-in-the-middle attack — where traffic is captured between the device and its destination — is feasible on an open public network. Most people understand this at a theoretical level but underestimate how easy it is to execute.

Your own office network is considerably better — you control who accesses it, you can segment it, and you can monitor traffic on it. But the security doesn't stop at your router. The path your data takes from your premises to its destination (a cloud server, a hosted application, a data centre) also matters.

Open internet connections — and their limitations

Standard business internet — including NBN — routes your data across the public internet to reach its destination. The data may be encrypted at the application layer (HTTPS, TLS), which protects the content from being read even if it's captured. But it doesn't protect against everything.

If your servers or applications are accessible via open internet addresses, they're visible to anyone scanning for them. Open RDP (Remote Desktop Protocol) ports are one of the most targeted attack vectors for ransomware operators specifically because of this — they scan the internet for exposed remote access services and attempt to brute-force their way in. Having your systems accessible via open internet isn't necessarily wrong, but it requires careful configuration to close off unnecessary exposure.

The better approach for remotely accessing internal systems over the internet is to use a VPN (Virtual Private Network). A VPN creates an encrypted tunnel between the connecting device and your network, allowing remote staff to access internal resources as if they were in the office — while keeping those resources invisible to the open internet. This eliminates the exposure of your services directly to public scanning and wraps all traffic in an additional layer of encryption.

A VPN helps, but it's not the end of the story. Your data is still traversing the public internet — just encrypted. For highly sensitive data or regulated industries, the level of trust placed in public internet routing may not be sufficient. That's where private network connections become relevant.

Private network connections — a higher tier of security

For businesses where the confidentiality of data in transit is genuinely critical — law firms, medical practices, financial services, government contractors — a private network connection removes the reliance on public internet infrastructure entirely.

Rather than routing data through shared public internet infrastructure, a private network circuit connects two or more locations directly, using dedicated network infrastructure managed by a carrier. Traffic between your office and your data centre, for example, travels on a path that's not shared with general internet traffic and is not accessible from the public internet at all. The exposure is fundamentally different from a VPN over the open internet.

Dark Fibre takes this further still — dedicated fibre optic cable between locations that is used exclusively for your traffic. It's the highest tier of network security for data in transit, with no shared infrastructure whatsoever. The trade-off is cost: dedicated physical fibre is significantly more expensive than carrier-managed private circuits, and isn't necessary for most businesses. But for organisations handling classified or highly sensitive data, or those with strict compliance obligations, it's the appropriate solution.

Connecting to data centres and cloud securely

For businesses that co-locate equipment at a data centre or connect to cloud platforms like AWS or Azure, private connectivity is often available and worth considering. Rather than connecting to your co-located servers over the public internet, a direct private connection from your premises to the data centre means your traffic never touches public infrastructure. If you're co-locating at Caznet's data centre, we can discuss connectivity options from your offices to your equipment directly.

Similarly, major cloud providers offer dedicated private connectivity services — AWS Direct Connect, Azure ExpressRoute, Google Cloud Interconnect — that bypass the public internet for traffic between your network and their platforms. These are typically used by organisations where the volume and sensitivity of cloud traffic justifies the additional investment.

Matching your connection to your risk profile

There's no single right answer that applies to every Adelaide business. A small professional services firm with five staff working in one office has a different risk profile to a healthcare organisation with remote staff accessing patient records from multiple sites. The right approach involves understanding:

  • What data your business handles, and what the consequences of a breach would be
  • How your staff currently access your systems — in-office, remote, or hybrid
  • Whether your current setup exposes any services directly to the public internet that shouldn't be
  • Whether the sensitivity of your data warrants private network connectivity rather than standard internet with VPN

The cost of moving to more secure connectivity options is often lower than businesses expect — and significantly lower than the cost of a data breach. If you'd like to review your current connectivity setup and understand your options, reach out to our team. We can assess what you have and advise on where improvements are warranted.