It’s a brand new year. Are you still using the same security you’ve always used? Maybe it’s working. You’re protected to the level you need to be, and there’s nothing else you need to do. But how do you know? Is it a good idea to start another “new year, same security” period? We think everyone should take the time and perform a simple security audit for their new year, and here is an outline to make that easier.
Define Your Audit
You need to define the scope of your audit. Will you be conducting an internal or external audit? Maybe you’ll be doing both. Think about the assets you have. Technology, client information, and any assets that you believe are important to you and your business. Finally, figure out, of those assets, which ones you think need to be audited (vulnerable assets) and which ones don’t need to be included.
Identify Potential Threats
Take your list of vulnerable assets and make a list of the potential threats to them. These threats can be very specific to your individual operation, but take a moment and consider all of the potential possible threats. These can be internal or external. Here is a list of some common threats to help get your thinking started:
- Phishing Attacks
- Poor Password Discipline
- Natural Disaster
- Physical Breach
- Negligent/Disgruntled Employee
- DDOS Attacks
- Bring Your Own Device Workplaces
Review Your Current Performance
This is a critical step in the process. Take the time to look at those potential threats and the assets they threaten. You need to be honest, and this is where an external audit can be very helpful. You might have a team that is great at detecting and eliminating threats. Maybe you all have a great knowledge and response to phishing attacks, but you don’t have strong passwords. Whatever the case may be, you need to look at them and get an honest analysis of your performance to this point.
Prioritize Your Threats
Once you’ve done your review, you will need to take the information and prioritize which threats are your greatest and thus need to be addressed first. A great way to do this is to look at how serious a threat is then compared it to its chances of actually happening. This method should give you a solid means of setting your new security priorities.
The final piece is probably the most obvious. Once you’ve identified your problems, you need to make the solutions and establish the plans for implementation. Some of these will be easier to deal with than others, but if you’ve followed this outline and done a thorough review, you should be able to deal with your vulnerabilities and take your security to the next level for the new year.
Are you interested in staying up-to-date with these types of technological changes and advances in IT that happen every day? Contact us to find out how you can join AITP Charleston, the support network for IT support! We offer networking opportunities, educational speakers, career support, mentorship, job opportunities, and best of all – have fun!