A security assessment is an in-depth analysis of the layers of security a business has in place, and how effective each layer is. Its goal is to:
- Identify assets and where they are stored
- Isolate what security risks are posed to critical assets
- Identify gaps in cyber security
- Provide a plan to plug those gaps – before a cyber-criminal finds, and exploits, them
- Determine a recovery plan should an attack be successful
- Calculate how much funding and effort should be used to protect those assets
Assets that need to be assessed
Assets include things like:
- Electronic data
- Information such as trade secrets and IP
- Cloud-based software
- Servers
- Office equipment and devices
- Employees
Assets are all heavily interlinked. A security assessment on electronic data will also look at everything responsible for handling and securing that data. These assets can include things like servers, firewalls, desktop PCs, mobile devices, cloud-based software, file sharing apps, VPNs, and more.
Know how much your assets are worth
Determining the value of tangible assets like computer equipment is easy. The value of electronic data is much harder to calculate, and it is worth far more than a typical small business owner realizes. Its value extends far beyond any hard cost of collecting or inputting that data. Its true value includes:
- The time, and money, it would cost to create it all from scratch again
- How losing data would impact day-to-day operations
- How much a competitor would pay to get it
- The revenue that would be lost
- Financial and legal costs that would be incurred if the business was compromised
- How far back it would set you in terms of productivity, and its impact on future revenue
- The cost to operate the business, and pay staff, even though the company isn’t able to generate its usual revenue
- Reputational damage from negative publicity and its impact on future business
- And so on
The true value of company data can only be determined by thinking deeply about these sorts of things.
How assets could be exploited
In addition to isolating and plugging gaps, a good assessment will help a company gauge how prepared it is for dealing with a successful cyber-attack. Having the right layers of security in place is your best defence against cyber-attacks, but nothing can guarantee 100% protection. Cyber-criminals are always evolving their technology and techniques, so a future attack could still be successful. Businesses need to know how they would handle it, and what a recovery plan will look like and cost.
It’s a bit like how an insurance company determines how much to charge for premiums. Take house insurance, for example. You work out how much it would cost to rebuild your house from scratch should a disaster happen. The insurance company (in simple terms) then multiplies that by a number calculated from its identification of various loss scenarios and their likelihood of happening to determine your premium.
Likewise, identifying where security risks are, and how a cyber-criminal could exploit the gaps, helps a business understand how much to budget for data protection and recovery. For example:
- Hackers get in and destroy 50% of your data
- A system crash sees you lose a month of financial records
- Equipment failure prevents you from working for a week
- A disgruntled employee deletes important files before they leave
- You unknowingly click a link in a phishing email and install malware that systematically encrypts your data before demanding a ransom to restore it
The cyber security team at The IT Partners understand these risks, and the likelihood of them happening. In addition to finding and plugging gaps in your security, they can help you determine how much to budget for ongoing protection and recovery.
Security assessments are not just for big businesses
Corporates need security assessments, absolutely, but so do small and medium-sized businesses. Any business that uses the internet, and stores information electronically, is at risk. All businesses, big and small, need to ensure they understand the risks, identify and plug security gaps, and budget for protection and recovery. Most businesses would find this very hard to do, which is why a security assessment by a cyber security expert is the best way to figure it all out.
Security audits
Ongoing security audits are a useful tool. They ensure security controls, policies and procedures remain in place. This is particularly important when a business has staff, as people are the weakest link in the security chain.
Changing landscape
It’s important to remember that the level of risk and the threat landscape as a whole are constantly evolving. Cyber security assessments and audits can help your business ensure that its security controls are keeping up with emerging threats and continuously providing the best protection possible for your most important assets.
The IT Partners perform security assessments and security audits to help protect your business.
Contact us today for more information.