Comment by ams6110

Do not trust that your internal networks are secure. Any links carrying business or customer data should be encrypted.

I remember over a decade ago talking with the security head of a university where I was working, about a new system design. I made some comment like "well this is all on the machine room network" and his response was "I wouldn't trust the machine room network." Pretty eye-opening since he was the person responsible for its security.