Are you doing regular IT security audits?
15th November 2015 | Modified: 13th January 2023
Are UK businesses taking IT security seriously? Some recent high profile cases suggest that even big businesses aren’t doing enough to protect themselves.
If big businesses like TalkTalk can have their security easily breached, the situation could be even worse for smaller companies that have fewer resources.
A recent survey of IT executives and network administrators by VanDyke Software Inc. reveals that 46 per cent of companies that undertake internal security audits find the tests reveal significant security problems. The number rises to 54 per cent when an outside company conducts the audit. In other words, there’s a 50:50 chance your company may have network security problems.
The stark fact is that many smaller businesses in London and the South East only tighten up on security after something goes wrong. They fail to conduct regular security audits and rarely do penetration testing to see where the weaknesses are in their IT systems. They may tighten up on security after a breach has occurred but will once again be vulnerable to new threats in the future if regular checks aren’t maintained.
Gary Jowett from CNC in Brighton says: “Even those smaller companies that do have IT departments often fail to carry out regular audits because their IT team is too busy dealing with other daily issues. This is where an external IT consultancy can help by providing a schedule of audits and penetration tests each year that will ensure your network is protected against the ever-changing threats all businesses face.”
Security audit master list
First, you need to identify those sensitive assets that could be vulnerable to attack so you can create a master list of the hardware and software which needs to be audited regularly.
This will include hardware such as PCs, laptops, tablets, smartphones and printers. You should also audit access to all your servers and data sets. Checking who's using your email server or gaining access to your website's administration system is also essential.
Equally important are door access points, employee access cards and security cameras. Are only authorised people getting into and out of your buildings? If you employ temporary staff, are their building access permissions renewed on a regular basis?
A lot of businesses are already carrying out security audits but far fewer are doing penetration testing.
It’s advisable to get your IT consultant to help with this because they should have the latest tools and techniques to probe for weaknesses in your network.
While much of this is just good housekeeping, the fact remains that many smaller companies need an external helping hand to ensure the job gets done regularly. Regular auditing is now essential if you want to do business with large UK organisations that require business partners to adhere to high standards of IT security.