To Safeguard Your Company’s Data, Consider a Cybersecurity Assessment
Posted January 2020
As data breaches continue to make headlines at an alarming rate, no business can afford to ignore cybersecurity. To ensure that your company is taking appropriate steps to protect sensitive information — both its own and that entrusted to it by customers and business partners — consider conducting a cybersecurity assessment or audit. An added benefit of these assessments is that they send a message to your customers and others that you take their data security seriously, which can provide a competitive advantage.
The auditor’s first step is to take inventory of all your data and determine where it’s located. While much of your data is housed on your on-site network or private cloud servers, you might be surprised to learn how much of it resides on the networks of third parties — such as internet service providers, vendors, customers, financial institutions or business partners — or is accessible by them. The auditor will also take inventory of your hardware and software and map your network, data flows, and entry points. As the workforce becomes increasingly mobile, it’s particularly critical to examine the ways in which your employees gain access to your network. As the number of entry points increases, so does your risk.
It’s equally important, if not more so, to evaluate your policies, procedures, and internal controls related to information security. The majority of data breaches involve social engineering — that is, hackers who take advantage of weak passwords or lax security protocols or use phishing or other techniques to trick personnel into downloading malware. A cybersecurity assessment can help you identify potential vulnerabilities and implement policies, procedures, and controls designed to minimize the risks of a data breach and mitigate the damage should a breach occur.
Depending on your industry, you might consider going a step further and obtaining a certification that your company complies with an accepted cybersecurity standard. A number of organizations have promulgated such standards, including the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO). Getting certified can give your company a competitive edge. Plus, in some industries, the government and other organizations are increasingly demanding that their partners obtain such a certification as a condition of doing business with them.
Once you conduct a cybersecurity assessment, you can’t simply put it on a shelf and forget about it. Hackers and other cybercriminals are continually coming up with new, innovative techniques for bypassing companies’ security measures, so it’s important to monitor the performance of your information security system and periodically re-assess your risks.