Every time you turn on a computer connected to the internet, you are exposed to security threats from hackers who are constantly on the prowl for sensitive information such as customer personal data, trade secrets or bank account numbers. News about security breaches and hacking attacks has become a daily affair. At times it seems the only way to prevent such attacks is to move to a remote island without any internet connection.
As tempting as this may sound, the reality is that you cannot get by without connecting your computer to the internet these days. A more realistic approach is to take steps to shield your computer and network from external threats.
The two primary ways to protect against security threats are prevention and remediation. As you can imagine, prevention is always the preferred approach, since by the time you have to remediate it may already be too late. The tools used to assess your systems to prevent such attacks fall into three categories: security audits, vulnerability assessments and penetration testing.
Security Audits
Security audits are designed to measure the performance of your company’s security system against a set of established benchmarks. They can determine whether your company’s security system complies with regulations such as HIPAA, the California Security Breach Act and the Sarbanes-Oxley Act. Any small business that handles sensitive personal data must routinely perform security audits of its computer systems.
A network security audit evaluates your system’s physical configuration, software, user practices and information handling processes for potential security threats. Static data such as passwords and firewall definitions are tested, along with dynamic data processes such as file transfers, database access and login practices.
Vulnerability Assessments
Vulnerability assessments are designed to provide a comprehensive evaluation of your entire information technology system. A vulnerability assessment seeks out potential security weaknesses in your IT system and provides suggestions for correcting any shortcomings.
A poor score from a vulnerability assessment should serve as a wake-up call for any small business to tighten security. If additional investment in hardware or software is required, consider it an insurance policy against a larger potential loss.
Penetration Testing
Penetration testing is a deliberate hacking attempt, typically performed by security experts at the request of the company, to identify potential security weak spots. Many security experts are reformed black hat hackers who lend their services to legitimate businesses.
During penetration testing, the security expert makes a covert attempt to access your company’s IT system, much like a malicious hacker or identity thief would. The security expert then reports his or her findings back to you, along with recommendations to prevent real hackers from successfully obtaining unauthorized access.
It is said that an ounce of prevention is worth a pound of cure. These security and vulnerability assessments are meant to achieve exactly that result. So don’t be penny wise and pound foolish when it comes to security threats.
Charles Talley is a network security administrator for a large company and is an expert in network security audits. He likes to share what he has learned over the years by blogging online.
Hi Charles,
Thanks for the tips. These days, it’s a bad idea to assume you aren’t important enough to be hacked. Harry, thanks for sharing these awesome tips with the BizSugar community!