Do you need a regular cybersecurity audit?
Another week, another security breach, or at least that’s how it can seem sometimes. So far this week, we’ve had Hudson’s Bay, Panera and Under Armour all reporting data thefts. They are not the first companies to do so this year, and while it would be nice to think they will be the last, that will only happen if companies in general get to grips with the theory and practice of IT security. GDPR, with its much harsher penalties, gives them even more incentive to do so.
With this in mind, companies might wish to consider the long-term benefit of committing to a regular cybersecurity audit, which covers the following points.
Keep your security updated
It’s easy to repeatedly click “later” when a pop-up suggests a security software update, but it is important to keep your software and operating systems up to date so that they include the most recent cybersecurity features and close any holes that cyber attackers have identified.
It’s also important to remember that mobile devices vary widely in the ease with which their operating systems can be updated, so you may need a process in place to update devices in some way, even when they are fully functional, so that you can move on to a more recent (and more secure) operating system.
What has happened in the world of IT security since the last audit?
It’s good to learn from your mistakes, but it’s generally a lot less hassle to learn from other people’s.
What has made the news headlines since your last audit and why? What has been covered in the IT press and what recommendations have been made based on it? If you read that Company X fell victim to a particular failing, then make sure that you are protected against that failing.
What is going on right now, both in general and in your workplace?
Head back to the IT press, or speak to your IT advisers, for information on current security topics, and see whether they need to be incorporated into your processes and/or systems.
On that note, make sure that all of your software is fully licensed, and make sure you are on top of who is using which applications and which hardware. Hopefully, users are not making software or hardware changes to their desktops or laptops (and hopefully you will long since have blocked external USB devices from connecting to your machines). The world of mobile devices can be somewhat harder to police, however, unless you make a determined effort to do so and to educate your users about the importance of following your policies on their use.
What is in store in the future?
Regular audits give you an opportunity to start working towards legal, mandatory changes at a more leisurely pace. They also let you see what predictions can reasonably be made from the information currently available, and take steps so that you are in the best possible position to accommodate those developments as, when and if they actually occur.