Given our human nature, we all believe that we are safe, secure and nothing is going to happen. We believe that we are all doing what is necessary to keep ourselves and our businesses out of harm’s way. The reality is that when it comes to cybersecurity, you can never have too much security. Granted I understand that organizations do not have unlimited budgets for cybersecurity, but there are some key items that are extremely cost-effective that every business must implement.
Even though you have implemented policies, procedures, and solutions to ensure that your systems are secure, how do you REALLY know how effective those security measures are or if they are even working? The only way is to understand the effectiveness and discover any weakness is to perform a security audit. There are two elements of a security audit: Discovery and Remediation.
Discovery: This is the initial phase of a security audit, we will utilize industry-standard tools to perform an internal and external security in-depth review of all systems: Computers, servers, firewalls, wireless protocols, user accounts, compromised accounts on the Dark Web, password policies and signs of attacks just to name a few areas of concern. Once all of the data is collected, the security team will review all of the information to use for the Findings and Recommendations Report. During this phase, there is no downtime for the clients’ systems and it usually takes a week.
Remediation: Most cybersecurity teams include the remediation within a security audit, but to CTS this is THE most important element. During this phase, you will take the Findings and Recommendations report and prioritize which of the results are the most severe, and assign costs to remedy those specific risks. At that point, the business stakeholders will decide which security measures to implement or the items to correct. A project plan will then be created and milestones and tasks should be executed per the Remediation Plan.
At CTS, we perform security audits for both our IT managed services clients, as well as organizations that we do not manage. Those non-client security audits take place when we are doing 3rd party audits ensuring that the appropriate systems and protocols are being enforced. Please reach out to Frank at fstephens@onlineCTS.com or (847) 894-6304 you haven’t had a security audit completed within the last year. We recommend security audits be executed either on a monthly, quarterly, or semi-annual basis depending upon the complexity of the systems and specific industries where there are heightened risks.
EXTRA TIP: With identity theft on a constant rise, it is imperative to protect and lock down your credit. There are three credit bureaus: TransUnion, Experian, and Equifax. Each of these organizations allows you to freeze your credit so that no external people can check nor apply for anything that is credit-related. The process is quick and easy, and some of them charge a small yearly fee or are free. When you need to purchase a car, take a loan or apply for a new credit card, you simply temporarily unfreeze your credit for a few days with a password or pin. Here are links to these groups to protect yourself:
Equifax: Call 800-349-9960 or go online: https://www.equifax.com/personal/credit-report-services
Experian: Call 888‑397‑3742 or go online: https://www.experian.com/freeze/center.html
TransUnion: Call 888-909-8872 or go online: https://www.transunion.com/credit-freeze