Last month, Uber’s CEO revealed personal information of 57 million customers and 600,000 drivers had been stolen by two hackers in late 2016. It was a major blow for the company, who has struggled with a string of scandals in recent times.
It’s also a pertinent reminder that network security is one of the most important facets of modern day IT and computing.
A 2017 IBM study estimates the average overall cost of data loss is $141 per record. With a quick calculation, that equates to a $8bn loss for Uber.
You may assume that your data is secure and your IT infrastructure is performing well. Such assumptions are extremely dangerous.
That’s why you must complete regular security audits as part of your wider IT security strategy - we’d recommend a minimum of every 6 months.
A network security audit will identify and evaluate all of your IT assets. It will determine the threats to those assets and the measures you need to put in place to protect against those threats.
But your network is a dynamic entity. Your users may, for example, add new devices and systems to your IT infrastructure. Or install software that inadvertently puts your business at risk.
Therefore, it’s vital to perform regular network security audits. Here are four reasons why your business may need to conduct an audit:
You can’t remember when you last completed a network security audit
A network security audit gives you a snapshot of the vulnerabilities of your system at a specific point in time. Ongoing reviews will inevitably be required as your business environment and IT infrastructure changes.
If you can’t remember the last time you had a network security audit, you’re in real trouble. We’d recommend that most businesses conduct an audit twice a year, at the very least. It depends on the criticality of your business and any recent changes you may have introduced to your network.
And, remember, a network security audit must be a detailed and thorough process - a simple system scan does not count.
You rely on legacy systems
If your IT infrastructure relies on outdated technology, this can leave you vulnerable to new threats that were unrecognisable to your network when it was first set up. It doesn’t matter if you religiously run updates on your system, your network will still be at risk, even if you have a robust firewall in place.
For example, 90% of NHS Trusts use Windows XP. This exposes them to threats that could exploit vulnerabilities for which Microsoft no longer issues patches, according to a Freedom of Information Act.
You’ve introduced new technology
Of course, new additions to your IT infrastructure can also contribute to the need for a network security audit. For example, are employees using their own phones for work? Are they secure?
The introduction of a new piece of hardware or software can have ramifications across your business. It’s especially important to brief your staff if you do introduce a new piece of technology as you must rely on them to keep your IT infrastructure safe. Collaboration systems, in particular, can pose a heightened threat as you digitise your business.
You think your business is too small to count
Many companies operate under the false assumption that they are simply too small for a network security audit. However, it’s not just major corporations with IT departments that need audits.
In fact, the opposite is true. If you don’t have a dedicated IT team, you could be unaware of a range of critical security issues with your third-party systems. As a result, many small businesses outsource their IT security to protect their systems and ensure best practices are followed.
Ignorance is the number one enemy of IT security. If you decide to shy away from an audit then you’re failing to address weaknesses in your current system, processes and practices.
A network security audit is also a great investment in your business - could you afford to lose $141 for every record thanks to a data breach?
Regular audits don’t just protect your business, they demonstrate to your staff, customers and stakeholders that you take a professional approach to protect your IT infrastructure. What’s more, network security audits can uncover some great opportunities to innovate and further optimise your business.
If you’d like to find out more about how to protect your IT infrastructure, check out our comprehensive guide to cyber security here.