Cybersecurity Checkup

Cybersecurity Checkup 150 150 Sharon Smith

Most people understand that going to the doctor and dentist on a regular basis is good preventive practice for their health. Getting your teeth cleaned and x rayed can help prevent future damage, and getting regular blood work and physical exams can catch issues before they become serious.

The same is true for your technology and business practices around cybersecurity. Regular checkups and exams are necessary for the basic health of your systems and to prevent more serious problems later. Knowing early on if there is an issue that needs to be fixed can help you before it becomes too late or more costly.

As a security consultant I am akin to your general practitioner at the doctor’s office. I conduct checkups for systems and processes to determine the cybersecurity health and potential future needs for organizations. Having someone with this skill set to come in at least annually and look at your systems is key in maintaining a healthy network. The result of ignoring your security checkup can lead to an unavailability of system resources, which happens when attackers use Ransomware to keep you from accessing critical business data. Another concern that the checkup addresses is ensuring there is no weakness in the integrity of data or what seems to be the most common headline, the loss of data to hackers or attackers.

Let’s look at three important elements of a cybersecurity checkup.

First let’s look at your infrastructure, which you can think of as the bones that make up your organization. If a device or system on your network isn’t configured correctly it can cause many problems. Systems and data can become unavailable to users and customers, or worse, malicious users or hackers could gain unauthorized access to your systems and data. During the checkup your security consultant will look at system configurations to help identify any weaknesses and provide recommendations for fixing any breaks they find.

Second you need to look at the hardware and software that makes up your network and is part of your infrastructure. These devices can be infected by what are known as a computer virus or bug and in broader terms referred to as malware. With people we have ways to detect if there is an infection and ways to prevent them or cure them. For your systems, the main way this is accomplished is through the use of anti-virus or anti-malware software. This software can test the system looking for vulnerabilities and weaknesses (bugs and infections). Your security consultant conducting your system check-up will make sure that the software is current and working properly, and look to ensure that all current patches have been applied to fix known issues.

When you go to the doctor there are many tests in which you get poked and prodded, many of which are not fun, but incredibly necessary. A good friend of mine was recently diagnosed with cancer as a result of his prostate exam. I am quite certain the exam was not something he was looking forward to and he could have easily put off, but since he didn’t put it off he was diagnosed early and has a very good prognosis for being cancer free.

This takes me to the third and one of the most important and often underutilized type security checkup – penetration testing. This is the most important, but least common checkup. This type of test should be conducted by a subject matter expert, i.e. a specialist rather than a generalist. This professional conducts very technical tests against your organizations systems to try and break in like someone who is up to no good, but doing so with permission and ground rules. They can do this from the Internet like most malicious hackers and they can do it from inside your network to mimic a malicious internal user. External and internal penetration tests are some of the most important tests you can run against your systems to make sure you truly understand the cybersecurity health of your organization from the inside out.

These important security health checks should also be conducted throughout the year by your IT staff as part of their ongoing operating procedures in addition to at least annually by an independent third-party. If you have outsourced your IT to a service provider make sure they are conducting regular security checks in addition to having an independent third-party or internal audit group do an annual checkup as well.

Don’t be caught with a diagnosis that is hard or expensive to fix because you decided to skip the annual checkup. If you have questions and want to discuss all the elements of a security checkup in more detail email sharon@c-suiteresults.com.