Who is testing your IT security? (Hint: The answer isn’t “no one.”)

When it comes to IT security, your network is being tested every day by rogue, external attackers looking to profit from weak infrastructures and unsuspecting employees.
An effective information security program leverages many different layers of information security to prevent such an attack.
By Todd Bollenbach, Jun 21, 2017

As contractors and material suppliers, you frequently deal with purchase orders, invoices, wire transfers and ACH payments—sensitive financial information that’s ripe for exploitation. Cyber criminals know this, which puts your systems and employees at high risk of an attack if there are vulnerabilities in your network.

An effective information security program leverages many different layers of information security to prevent such an attack. This article focuses on the critical, yet oft-overlooked, layer of testing and its two main components:

  • Testing Systems – In 2016, an average of 41 new vulnerabilities were reported each day—nearly two per hour. Unfortunately, patching vulnerabilities is not as simple as installing Microsoft’s monthly updates; that’s only the first step.
    If you are not engaging in regular network vulnerability scanning, you will likely be shocked by the number of vulnerabilities that may exist in your corporate network. Scanning for vulnerabilities across your entire network is typically not a default service included by your managed IT or information security vendor, so it’s crucial to discuss implementing it with your internal or external IT staff.
  • Testing Employees – Phishing, vishing and smishing are all social engineering tactics used by cyber criminals to exploit unwitting employees. If those terms sound like an entirely different language to you or any of your staff, then you’re in need of proper information security training. Being aware of these types of risks is the first line of defense in preventing a breach, so training your staff is the first step. Testing them internally is a critical second step, and it needs to be performed often to ensure that information security stays top of mind when they interact with sensitive data.

Implementing both components of testing will significantly reduce the risk of being targeted in a cyber attack, while also arming your staff with the knowledge to respond intelligently in the event it does happen.

About the Author
Todd Bollenbach is the founder and CEO of GNT Solutions, an IT consulting firm helping small and medium businesses deploy, maintain, and protect their technology. With a range of specializations that include security, compliance, IT management, helpdesk, and disaster recovery/avoidance, GNT Solutions serves a broad client base that includes accounting firms, developers, construction firms, economic development agencies and a host of other businesses between fifteen and two hundred employees.

This article is intended for educational purposes only and is not a substitute for obtaining competent accounting, tax, legal, or financial advice from a certified public accountant, attorney, or other business advisors. You should not act upon any of the information in this article without first seeking qualified professional guidance from your business advisors on your specific circumstances. The information presented should not be construed as advice or guidance from BFBA.