For the majority of small businesses, IT security is ensuring that some of the basics are followed, that your head is not above the parapet. The problem for businesses is understanding what is the height of that parapet in the ever-changing IT landscape. How is it affected by the business environment you operate in?
One of the best ways to discover this is a Security Audit. Businesses often believe they need a full “Penetration Test” but what most businesses would actually benefit from is a Vulnerability Assessment followed by some recommend security services and staff training.
A vulnerability assessment still performs some “Lightweight” penetration techniques.
- Security Scans – Ascertain what services are available on your various IT systems
- Vulnerabilities – Do these services have any known weaknesses
- Basic Passwords – Are any these services using common, simple or default passwords
- Countermeasures – What systems and process can be introduced to mitigate these risks
Penetration testing is taking the vulnerability assessment to the next level, acting upon potential security vulnerabilities.
- Exploiting – Taking information from vulnerability assessment and exploiting it
- Access – Once a vulnerability has been successfully exploited, can it grant internal access to systems or office network
- Ownership – Move from system to system in order to gain root or administrator level access and take full control
- Trophies – These trophies could be directors passwords, confidential information, accounts etc. These samples can be used to show the ramifications of the company vulnerabilities to the decision makers.
External and Internal Audit
A full end-to-end Penetration test requires considerable resources and planning typically out with small business IT budgets. The expensive part of this process is breaking into the network or system. So as alternative method Dunedin IT can perform external vulnerability assessment and then an internal one. We take the approach, that if someone was successfully breaching your network, what possible damage could be done.
IT Security Solutions
Want us to help with Cyber-Security audit of your business? Speak with David or Jamie.
email@example.com or 0330 058 1701