IKEA’s TaskRabbit breach means new passwords
Posted By: ITWiser Webmaster - Yorkshire's IT Specialists
Downloads: Free Remote Support: Click here Remote Monitoring: Click here
An Internal Security Audit is where you have your network security tested by a third party. This test is carried out from within your network instead of remotely. This simulates actions of a disgruntled employee to highlight problems you may not have considered. Many companies have good internet protection but their internal system is often overlooked. This makes the internal threat from staff that they think they know and trust the most dangerous. These pose the biggest risk and it is important to ensure people only have access they need to do their job.
Internal Security Audits help your business become more focused on the highest risk to the business. It will show you where you need to improve security and where you need to make changes. The internal threat is often the most dangerous to the business but is also most commonly ignored. It is also good to confirm that routine operations such as backups are working as expected.
For answers to these questions you need an internal security audit.
The key benefits of having an Internal Security Audit are to find out what you don’t already know. You can expose areas of risk to the business that the business is not already aware of. Some of the internal risks are very high and have devastating side effects. We have seen instances of staff stealing company data on USB sticks. We have found work experience students running gaming servers on the business network. We have seen staff do things which had a significant impact on internet speed for the rest of the firm. We have been invited to troubleshoot issues after a security breach has happened and seen things such as: Rogue staff deleting data, editing payment information, altering bank information and other fraudulent activity. We have caught staff running security scanners on the network to find holes in security. We have a lot of tales to tell from the internal threat. Therefore, get your IT checked by a third party regularly to ensure you don’t become a statistic.
Internal security audit time varies depending on the complexity of the network. However typically we would spend a couple of days on site analysing the system with minimal impact to the network users. Then we would write up your report and try to turn around your results within a week.
It involves one of our white hat ethical hackers coming on site and having access to the network with a normal user network account. Using this information, they will use their laptop to run a sequence of tests against your network environment to try and expose any common issues. It doesn’t matter where they are based as long as they have access to the network and can review the relevant systems. A report will be generated off site after the work has been completed and the results discussed with you in detail.