AUDITING

Most businesses are complacent when it comes to data security. It might be considered that virus-guards should be up-to-date and shared drive storage should be protected by a password. Network security might even be reviewed periodically in terms of the latest firewalls and a new set of backup tapes, or perhaps you have decided to put everything in the cloud, assuming that to be the solution to all your security concerns. But the truth is most businesses miss the mark by some way in assessing their own vulnerabilities. Some key points to consider:-

  • Do you know where your data is?

You might think you know, it’s in the shared server, right! But what about your email system, your backup tapes, your archives, your cloud storage, external hard drives, phones, laptops, memory sticks, databasesetc? Do you use any third-party organisations with which you might need to share data?

  • Do you know what your data is?

Of course you know what your core data is, but what about all the ancillary data like personal information that might be stored on accounting and HR systems, photographs of driving licences and passports, credit card information that might be stored in photographic form or even scribbled on a piece of paper?

  • Do you know who has access to that data?

Staff, obviously, but where have they come from? What might they be doing with it in their spare time? What about the cleaner? Contractors? Cloud storage providers? Cloud service providers? What about your IT support people? Who do you trust and why?

A Unity Metrix audit starts at the beginning and forms the basis of your EU GDPR and PCI DSS compliance. Recognising where your data is, what it is and who has access to it is fundamental to understanding how best to protect it.

But what about the cost? Of course there is a cost associated with protecting your data, but it is outweighed by the cost of not protecting it. We use industry standard calculations to determine the true cost of doing nothing for every vulnerability we discover. It is then your decision as to whether you want to invest in protecting the asset, insure against the threat or simply accept it, but either way you will have the necessary numbers to make an informed business decision based on a real return on investment figure.

You might be surprised to learn that by far the greatest threats in a network are human, not technical and most often they are not even nefarious threats. Take the employee who accidentally moves or deletes a folder, or the helpful IT technician who takes a laptop with data on home only to have his car broken into and the device stolen. We work with you to create and employ procedures and best-practices and train staff in order to ameliorate these problems.

You should protect your network now, for the same reason you put locks on your front door BEFORE you get burgled; it just makes sense!