Don't Shoot in the Dark - Why Security Assessments are Vital
Over 70% of all security attacks are against SMB companies, and of those attacked, 60% sustain devastating financial hardship. By now, you probably know that you need to protect your organization against cyber-attacks, and you probably have some mechanism in place to do so - e.g. anti-virus software, a spam filter, or maybe even some password policies and security procedures. But cybersecurity is not a one-size-fits-all solution - far from it. How do you know that the solutions you are paying for are actually protecting you? Do you know where your current network vulnerabilities lie?
While skipping the step of assessing your network and security landscape might save you a few dollars initially, unexpected malware attacks caused by an overlooked opening will cost you significantly more.
What is a security assessment?
It's like taking your car in for a tune-up - you find a shop or dealer that works with your car's make and model; they perform a complete inspection, checking spark plugs, rotor, fuel injector, air filters, fluid levels, brake pads, etc. At the end, the shop usually recommends the changes needed to keep your car healthy.
A security assessment is similar - your IT provider gathers information regarding your business, goals, security measures, policies and procedures. They use a series of tools to test all of your systems and safeguards. They then compare their findings with industry standards along with your business goals to provide best practice recommendations tailored for your business. Finally, they provide a security report that identifies the current state of your protection, lays out any gaps in your security, and includes a roadmap on how to thoroughly secure your network against security breaches.
How much do they cost?
Just like a car tune-up, it depends. There are a variety of factors to consider: number of sites, number of users, and what type of business your organization is. There are also different tiers of security assessments, some more thorough than others. A lower-end security assessment could be just a scan and a short report. A proper security assessment should include details not seen by computer applications; since 95% of all security breaches involve humans, examining employee interaction with your company's technology is extremely important.
Here at BlackPoint, we've been able to offer security assessments at lower rates by templatizing our security assessments and tailoring each template to specific industries, e.g. manufacturing, healthcare, real estate, etc., saving us extra time and labor without sacrificing the integrity of the assessment.
What are some real-world examples of security assessment findings?
- We performed a security assessment on a service company and identified an issue with their file permission procedures. They had neglected to properly secure the files stored in the HR shared folder, and these files were visible to 20% of the company staff.
- We performed a security assessment on a biotechnology company and found their ISP had not changed the router password from the default. While an exploit was not in place yet, it would be very easy to reprogram that router from anywhere on the internet to pass copies of all correspondence to another location.
- We performed a security assessment on a legal firm and found an issue with the configuration of their firewall. They had failed to remove a remote connection used with a previous partner, and that connection was now allowing access from the network of a company that they had no affiliation with. Luckily, they had a good password policy in place and this issue did not appear to have been exploited.
While discounting the need for a security assessment may save money in the short term, the cost of a security breach can include loss of productivity, loss of client files, fines for non-compliance with standards such as HIPAA or PCI, and more. Here at BlackPoint, we use a very efficient process that minimizes the cost of an assessment while providing a very in-depth look at company-wide security.
Want to learn more about how a security assessment can help your company? Receive a free consultation from BlackPoint IT today at 866.575.9512 or fill out our contact form and we'll call you.