How long is it since you took a cold, hard look at your IT Security? 

When did your organisation last carry out an IT Security Audit? 

Within the last six months? May we congratulate you on your organisational skills and suggest you read no further (although we’d appreciate hearing how your audit went). 

If, however, your latest security audit was carried out over a year ago, or you have never had one, then PLEASE, PLEASE, PLEASE read on.

We promise, it will prove useful! 

Firstly, do you know what a Security Audit is? 

You’d be forgiven for not knowing. A security audit is not like an audit of your books – it’s not a legal requirement so no one will be beating your door down if you don’t do it! And that is part of the problem. We all do the things in business that we LIKE to do and that we HAVE to do. In other words, we carry out the tasks that form the core of the business, because that is what we love. We have to do our accounts because we’d end up in jail if we didn’t. But a Security Audit can be viewed as non-essential. That is, until we have a security breach!  

So, what is a Security Audit? 

An audit of your security examines all aspects of the business for areas where a security breach could occur. IT infrastructure is evaluated to determine what security arrangements are in place to protect it against infiltration by criminals. If new hardware or software has been introduced, does it have the same level of security protection, and has it been connected to the system appropriately? Conversely, is old kit capable of coping with new security threats?

Are security policies still current? Do they need to be updated to cater for new threats, growing staff numbers, additional premises, etc.? And are the policy requirements put into practice? If procedures aren’t being followed or communicated, then a policy document the size of War and Peace is pointless! Take passwords, for example: the Password Policy can state exactly how passwords should be set up and how often they should be changed, but if no one is carrying this out then the policy is failing, and the Security Audit will pick this up.

How often should you evaluate your organisation? 

We’d recommend at least annually. Threats are emerging all the time, but with the right systems and support in place these should be well covered. Office 365 Enhanced is a great example of a security system that’s available to cope with the latest security threats and will help any organisation to remain secure.  

Who carries out the evaluation? 

The person who carries out your security evaluation and audit MUST be armed with the facts about the latest security threats and the best way of avoiding them. They may be one of your team who is an IT specialist, or you may prefer to engage an external IT provider. Either way, they need to be thorough, knowledgeable and responsible – they have your organisation’s security in their hands! Last year the UK Government released alarming survey results detailing how three quarters of staff have received fraudulent emails that could lead to security breaches, and that over half of all the UK’s small businesses had inadequate cyber protection.

Are you prepared to evaluate your IT Security? 

If you need further information in order to carry out your IT Security evaluation and audit then ask Net Primates for advice. We carry out checks for businesses all the time, and install the latest tools to keep businesses safe from harm.  

Don’t leave today what could cause a security breach tomorrow! Whilst some breaches are containable, others are ruinous.

Published November 2019