Blake-White

Why Your Business Needs a Security Audit

Worried about your company’s IT security?

Do you wonder when the next malicious virus will bring your network to its knees?

Does Spyware have all of your network computers running slower than normal?

What’s the financial impact if you are compromised?

The best approach to put these concerns to rest is the use of a comprehensive security audit.

A security audit that does not review all the areas listed below could in fact leave the client exposed and susceptible to information loss, site outage and revenue loss. Here are the seven key components of a comprehensive security audit.

  • Internal network penetration test – The process will test and validate the level of internal security on the client network.  Based on statistics maintained by the Federal Bureau of Investigations (FBI), fifty percent of companies reporting break-ins to their networks and/or business applications state they were compromised by internal attacks.  
  • External network penetration test – This process will test and validate the level of security on all the external entry points for the client business network. Our firm recommends the use of multiple hacking techniques to ensure every possible avenue has been exhausted. 
  • Review of application security – While network security is crucial to ensure proper precautions have been observed, application security is also just as critical.  Numerous known software design exploits are completely avoidable but are routinely undiscovered. 
  • Review of IT physical security – We recommend the physical security at the client be evaluated to ensure that external network and application security cannot be circumvented by an authorized (or unauthorized) person gaining access to the internal network.  
  • Evaluation of intrusion detection precautions – Hackers with or without malicious intent will eventually test even the best security.  With this said, intrusion detection like security becomes essential for detecting the first signs of an attack.  This allows IT personnel to take proper steps to identify the attack, report forensic information to the FBI and shut down the attack.  
  • Evaluation of social engineering (employee readiness) – Many simple approaches can be utilized to gain access to users’ network and application logon credentials. We recommend a test of the current employee readiness against such attacks. 
  • Application capacity test – In addition to security, we also recommend a test of application systems.  Hackers often overwhelm a system with an enormous amount of transactions or erroneous traffic.  Although this does not pose a risk for information loss, it does allow the system to be rendered unusable. 

A security audit is critical to determine if a company is exposed and properly protected from all points of infiltration, both external and internal.

We believe all areas of security be audited annually to minimize the overall corporate risk to information and intellectual property.

Blake White is the president and co-founder of Endurance IT Services and has over 25 years of experience in the IT industry.  He can be reached at Blake.White@endurance-it.com