Who is testing your IT security? (Hint: The answer isn’t “no one.”)

When it comes to IT security, your network is being tested every day by rogue, external attackers looking to profit from weak infrastructures and unsuspecting employees.
An effective information security program leverages many different layers of information security to prevent such an attack.
By Todd Bollenbach

When it comes to IT security, your network is being tested every day by rogue, external attackers looking to profit from weak infrastructures and unsuspecting employees.

As contractors and material suppliers, you frequently deal with purchase orders, invoices, wire transfers and ACH payments—sensitive financial information that’s ripe for exploitation. Cyber criminals know this, which puts your systems and employees at high risk of an attack if there are vulnerabilities in your network.

An effective information security program leverages many different layers of information security to prevent such an attack. This article focuses on the critical, yet oft-overlooked, layer of testing and its two main components:

  • Testing Systems – In 2016, an average of 41 new vulnerabilities were reported each day—nearly two per hour. Unfortunately, patching vulnerabilities is not as simple as installing Microsoft’s monthly updates; that’s only the first step. 
    If you are not engaging in regular network vulnerability scanning, you will likely be shocked by the number of vulnerabilities that may exist in your corporate network. Scanning for vulnerabilities across your entire network is typically not a default service that’s included by your managed IT or information security vendor, so it’s crucial to discuss implementing this with your internal/external IT staff.
  • Testing Employees – Phishing, vishing and smishing are all social engineering tactics used by cyber criminals to exploit unwitting employees. If those terms sound like an entirely different language to you or any of you staff, then you’re in need of proper information security training. Being aware of these types of risks is the first line of defense in preventing a breach, so training your staff is the first step; testing them internally is a critical second step that needs to be performed often to ensure that information security stays at the top of their mind when interacting with sensitive data.

Implementing both components of testing will significantly reduce the risk of being targeted in a cyber attack, while also arming your staff with the knowledge to respond intelligently in the event it does happen.

About the Author
Todd Bollenbach is the founder and CEO of GNT Solutions, an IT consulting firm helping small and medium businesses deploy, maintain, and protect their technology. With a range of specializations that include security, compliance, IT management, helpdesk, and disaster recovery/avoidance, GNT Solutions serves a broad client base that includes accounting firms, developers, construction firms, economic development agencies and a host of other businesses between fifteen and two hundred employees.