You might think your IT system is safe, but how do you know it is? By getting an independent IT audit, you will get peace of mind that you are protected. And what might the cost to your business be for being wrong?
Typically people feel they must be secure because they haven’t had an attack. However, it typically takes six months to even discover a breach, and often people don’t even know they’ve been attacked because hackers get in and out without turning any systems off.
At Lumina, we have three levels of IT audit that will look at various levels of protection. Our Security Audit is one of our three types of IT audits, that assess your cybersecurity, hardware and operational management: Security Audit, Technical Audit, and Operation Level Audit.
IT Security Audit
With the IT Security Audit, we will take a look at your practices on passwords, password renewals, account and firewall protection to ensure they meet the criteria for Cyber Essentials certification, the Government’s minimum standard for cybersecurity.
Having the systems in place to gain Cyber Essentials certification, means you are protecting your company against opportunistic attacks, which make up a high percentage of cyber breaches. Hackers are basically looking for holes and weaknesses in the software, taking advantage where security isn’t up to scratch. It’s a bit like leaving your car – you lock your valuables in the boot, make sure the windows are closed and the doors locked to stop opportunistic thieves.
The five pillars of Cyber Essentials
There are five core pillars for Cyber Essentials and we’ll compare your system against these pillars to ensure you have the minimum industry-standard requirements:
1. Use a firewall to secure your internet connection
2. Choose the most secure settings for your devices and software
3. Control who has access to your data and services
4. Protect yourself from viruses and other malware
5. Keep your devices and software up to date
Our audit will investigate your firewall to ensure it has a secure internet connection. It will also look at secure settings for devices and software, control of access privileges, who has access to data, antivirus and malware software, and the installation of patches to keep devices up to date.
At a recent IT Security Assessment (which the client had assured us would show nothing, but they had engaged us for “peace of mind”) we discovered an incorrectly configured firewall that was presenting their main database to the internet. This database contained not only client data but also the production designs for their one and only product. Not only was the database being presented to the internet but it was also under a sustained attack from a Chinese IP address. Realising the severity of the situation, our consultant was able to work with the client to help mitigate the threat as quickly as possible. Needless to say the client was happy to have engaged us for “peace of mind” as this highlighted that prior to our audit they believed themselves to be safe and secure but were anything but.
In addition, we’ll look at USB lock-down, accounts with passwords that are not set to expire, accounts from former staff members that need to be deactivated (otherwise ex-employees could still get into your system). Finally, we will look at aspects over and above the bases of the 5 pillars, such as good cybersecurity practices.
This is a high-level overview of your system. If the assessment shows your company’s cybersecurity measures up against the Cyber Essentials certification criteria, we will submit an application on your behalf. If not, we will provide a report that highlights the areas that need to be worked on in order for your company to become certified.
Your worst case scenario is that the IT audit will highlight weaker areas, but that means you can do something about it and make your system more secure going forward.
Get in touch to find out more