Most modern businesses use computer networks to share data. Whether it's customer records, stock inventory information or internal analytics, even small businesses can now share large volumes of data. To protect your customers and your reputation, it's vital that your network is secure, and a vulnerability assessment is an effective way to find potential weaknesses. If you're about to conduct a new vulnerability assessment, make sure you get the right outcome from the process, and avoid the five following mistakes that can occur.
Assigning the wrong owner
You're unlikely to get the outcome you need from a vulnerability assessment if you don't use the right people to do the work. Assessors need excellent technical knowledge and good collaboration skills. As such, the wrong people often end up in charge of the job.
Common (and generally ineffective) assessment owners in large businesses include:
Unsurprisingly, many companies have to recruit people for the task, on an interim or permanent basis. While this incurs extra costs, the investment is still important to your business.
Ignoring business processes
While the assessment aims to understand where your data network is vulnerable to malicious attack, it's a mistake to ignore business processes. Some of these processes are particularly vulnerable. For example, any team that deals with customer payment cards must comply with PCI Data Security Standards, and employees often have to take extra steps to protect the information.
A thorough vulnerability assessment won't work if you don't collaborate between departments. The assessor must work with technical teams AND other functions like finance, customer service and compliance to fully understand any potential issues.
Failing to consider mobile computers in the assessment
Customers now want to interact with your business in different ways, and you can't assume everyone uses a desktop computer. Smartphones, tablet PCs and other mobile computers all use different operating systems to a desktop PC, and these devices often store and process information in different ways. As such, a thorough vulnerability assessment must consider every tool a customer can use to get access to your systems, or you're likely to miss several key issues.
Missing risks because of conventional thinking
Thieves, hackers and saboteurs are increasingly sophisticated, and malicious attackers can always find new ways to attack your network. Some vulnerability assessments fail because hackers can think more creatively than the person looking for issues on the network.
Of course, nobody can see into the future, but an effective assessment will look past conventional thinking. For example, it's often useful to think of your network as a physical asset. If you decided to assess a building's security, you would probably check if the perimeter wall was secure and strong enough, but what would happen if a thief no longer actually needed to get over this boundary? A good vulnerability assessment tries to think in these terms, outwitting malicious attackers as often as possible.
Rushing the process
You cannot view a network vulnerability assessment as a tick-in-the-box exercise. This activity is not just another routine hurdle you need to cross once a year to keep a regulator happy. Your business depends on the security and stability of the systems you use, so few tasks are more important than this.
Plan the time you need to do the job properly, making sure you consult business people and IT experts. Run the activity as a project, with the right documentation, agreed roles and responsibilities and governance. Communicate the process, progress and results to the wider business, or people won't buy into what you want to do. A comprehensive assessment could take weeks of intensive activity, but this is one of the wisest time investments you can make.
A vulnerability assessment helps you protect your customers' data, but the process won't work if you don't plan and execute the task properly. For more advice, talk to your Internet service provider or IT provider. Click here for more information on the best data handling options in your area.
Share23 June 2015
I recently switched my internet service provider. Once I switched, I was very happy with the speed and service. The internet moved so fast for me that I was on it playing games and messaging friends a lot more than usual. What I forgot was that I chose my internet package based on my past monthly use of the internet, which was low simply because our old service was so slow I didn't like using it much. I chose a package that was limited, and I realized my mistake when I used up all my plan data in just two weeks. Thankfully, my new provider allowed me to switch to unlimited mid-month. I created this blog to remind others to always keep an eye on their internet usage if on a restricted plan and call your provider if you need to change it.
