This is part 1 in our 2 part series on how information security assessments can shed light on cyber security improvements for your company.
The growing threat of cyber attacks on SMBs calls for a serious evaluation of the people and technology inside your business:
Cue the cyber security assessment.
A cyber security assessment is a service that finds weak spots in your business’s cyber defense. Security assessments:
- Test your employees’ knowledge on IT security threats
- Audit your technology to ensure it can fend off cyber attacks
Enlist the expertise of a Managed Security Service Provider
A Managed Security Service Provider (MSSP) is a company that analyzes security protocols and implements proactive security measures that shield your company from cyber criminals.
Note: an MSSP is different from a managed services provider or IT company because it is hyper-focused on security. An MSSP does not just recommend firewalls and antivirus software for your company. It examines your holistic security strategy and how it connects to your goals.
An IT security assessment will help your company:
1. Assess how often your employees fall for phishing schemes
Phishing schemes are becoming harder to identify
Cyber criminals will attack your company by trying to trick your employees into handing over sensitive data through social engineering or phishing schemes. It’s not safe to assume your employees can identify phishing schemes and always abide by IT best practices. Take these statistics as proof:
- 30% of phishing emails are opened by people in the workforce
- 78% of employees claim they’re aware of the risks of unknown email links/attachments, but they click them anyway.
Training your employees on how to identify phishing schemes and the proper protocols for dealing with nefarious emails is critical to protecting your company’s sensitive data.
Test employee reactions and develop a protocol
Protecting your business from phishing schemes requires long-term training and testing. No memo or 30-minute pow-wow will be enough.
A security assessment will determine if your business is equipped to deal with phishing emails by:
- Testing employee knowledge on signs of phishing schemes
- Sending test phishing emails to staff to gauge responses
The managed security services provider that conducts the security assessment will help you determine how vulnerable your employees leave your business. Then, you can create a training plan and institute security protocols to strengthen your response.
2. Pinpoint weak & unsafe password practices
Employees create passwords that can be reverse engineered
Most employee passwords are easy to hack because people tend to:
- Use predictable patterns of letters, numbers, & personal info
- Use the same password across multiple platforms
While reusing passwords makes them easier to remember, it’s not safe from an IT security standpoint.
One weak password can open up holes that can affect your entire business. For example, 68 million email addresses and passwords were posted on the darknet because one Dropbox employee reused his corporate password for his personal LinkedIn account.
Learn and practice characteristics of safe passwords
A cyber security assessment will:
- Review employee passwords & gauge their strength
- Review your internal network password requirements
- Review your password resetting practices
An MSSP will discuss with you whether or not your employees are using password best practices. Then you can discuss a plan to educate employees on secure passwords and explain not only why weak passwords are easily hacked but how it can affect the whole company.
An MSSP can also introduce you to password managers or password vaults, where one can store many passwords for various accounts with top-notch encryption. Some password management vendors can even be set up to log in to your accounts automatically.
With these tools at hand, your employees can’t make excuses for weak passwords.
3. Identify faults in handling physical data & devices
Cyber criminals aren’t afraid to physically steal your data
Data can be breached when employees mishandle physical storage devices or save data on unauthorized devices, such as personal flash drives. Storing data on unauthorized devices is a huge concern when confidential company data is taken outside of the workplace or abroad.
Traveling abroad with more confidential data on your devices than you need is dangerous. Cyber criminals won’t be particular about how they nab your data. Why pass up swiping your device when you’re not looking? If you don’t buy that, consider that 1 work laptop is stolen every 53 seconds in the US. Even the US government lost 1,000 physical devices with highly confidential data in 2015.
Review safe data handling before employees take devices off-premise
An MSSP’s information security assessment will analyze how and where your employees store data, which will shed light on data security protocols your MSSP can help you establish. Then you can review the protocols with employees before they leave your office with company data stored on:
- Company laptops
- Smartphones or tablets
- External storage devices
Safe practices for data handling ensure your employees travel with only the data they need and understand how to keep it safe when away from the office.
4. Identify old software & hardware that need security patches
Old technology can open security gaps that invite cyber criminals
Trying to save money by keeping your old desktop model or operating system could cost your company tens of thousands of dollars in recovery and repair costs. When you don’t update your company’s software or hardware, they can become incompatible with new programs your company may adopt. Incompatible technology:
- Creates security gaps between old systems & new updates
- Exposes company data to cyber criminals via the security gaps
- Makes valuable security patches & updates ineffective
A recent example of such a breach is the ransomware attack known as WannaCry or WannaCrypt, which targeted SMBs’ computers that lacked the security patches applied by regular updates.
Inventory your technology & create organized schedules for updates
An MSSP security assessment will help audit each piece of technology in your company. Then you can better understand which desktop models to replace or which software applications to upgrade so everything is protected against a breach.
Managed Security Service Providers can address your assessment results
Because an MSSP’s main goal is to provide clients with the best security applications and repeatable IT security protocols, it’s likely their first plan of action will be to conduct a security assessment. But once the assessment’s results are in, they can help you focus on IT security solutions.
When the assessment reveals areas for improving your company’s IT security, your MSSP can then decide on security initiatives that need to be in place so your company as a whole is protected. From employees following IT security best practices to scheduling your recurring technology updates, you can sleep well knowing your IT security is in your MSSP’s hands.