TECH INTELLIGENCE: Weak links

Listen to this article

Successful business owners routinely assess issues like competition, marketing, customer demand and other questions. But for some reason, many often skip a critical issue: their cybersecurity posture. It is a head-scratcher, especially when one considers the sensitive areas that hackers typically target – bank accounts, credit cards, social security numbers and other personally identifiable information – where a breach can expose businesses to direct and indirect financial losses, in addition to long-lasting reputational damage.

But a cybersecurity assessment can let businesses gauge their security exposure and gain insight into instituting protections. When properly designed and delivered by an experienced outsourced IT support provider, a cybersecurity assessment can deliver the insights companies need to avoid costly security breaches, achieve regulatory compliance, and improve efficiency.

Such an assessment typically involves an evaluation of the organization’s information systems and digital assets, identifying vulnerabilities and threats that could compromise the availability, confidentiality and integrity of company data. A critical component of the process will involve penetration testing, or simulated attacks, under controlled conditions, which can pinpoint actual risks from the perspective of a motivated attacker. A security provider can then proactively address weak points before hackers can exploit them.

A customized engagement may also include reviews and assessments of such areas as device management, including whether access safeguards are being deployed appropriately; information governance, or identifying where data lives, where it travels, who owns it and who can access it; data security controls, including encryption and email controls and defenses; security monitoring and security awareness training; patch management procedures; business continuity and disaster recovery plans and data backups; and supply chain management. Finally, the cybersecurity partner will document their findings and deliver recommendations for improving the business’ security.

Companies that understand and address security risks can take steps to minimize the chance of cyber incidents that may damage their reputation, customer trust and bottom-line profits. Some issues, like safeguarding bank account or credit card information, are basically self-evident; but other regulatory compliance requirements – including such industry-specific laws as HIPAA (Health Insurance Portability and Accountability Act) and PCI DSS (Payment Card Industry Data Security Standard) – may mandate data retention and other processes. A cybersecurity assessment can uncover weak spots in a company’s operations, enabling management to take appropriate action before regulators pounce and impose sanctions.

Periodic cybersecurity assessments can also be a competitive advantage, since they alert stakeholders and customers to the fact that the business is committed to best practices. Further, companies that act on the recommendations from a cybersecurity assessment can improve productivity, since they are more likely to prevent or minimize security incidents and data breaches — reducing the downtime, errors and waste caused by cyber incidents.

To get the most value out of a cybersecurity assessment, businesses should engage with a qualified and experienced security provider that has a track record of delivering high-quality cybersecurity assessments. The provider should also possess a comprehensive methodology that covers all aspects of the clients’ information systems and assets, including its network, web, cloud and mobile operations. A provider should also be able to deploy a team of experienced, certified and skilled professionals who can perform assessments using the latest tools and techniques.

Cyber criminals are continually evolving their attack plans, so critical, periodic cybersecurity assessments are a key component of a cybersecurity strategy. Qualified cybersecurity providers will help businesses to design and implement a comprehensive strategy designed around the organization’s individual needs and business goals.

Carl Mazzanti is president of eMazzanti Technologies in Hoboken.