We all have that one friend…the one who hasn’t been to the doctor in 25 years since his parents stopped scheduling appointments for him, the one that says that he’d rather not know what’s wrong with him than find out he has lots of problems, or the one that says he doesn’t need to go because he eats healthy and works out often. If you’re like me and think these people are nuts for not getting a regular physical, then read on. If you agree with those people or are one of those people, no need to read the rest of this blog post.
Frankly, this scenario is not far off from what I’ve heard from a lot of small business owners regarding data security.
Sure, we’re in the network security business so this is top of mind for us, but based on some of the things I regularly hear, it’s time to stop burying our heads in the sand. I am often told by business owners that they don’t know where to start. Or I hear: “We buy cybersecurity insurance to protect us,” “Our IT company handles all that for us,” or, maybe the worst, “We don’t have anything hackers would want, so we aren’t a target.” Sound like something you’ve said? Read on.
I completely understand the “I don’t even know where to start” response. Hackers dominate the news and are the focus of most technology companies’ messaging, so I can see how it would easily become overwhelming.
If you don’t know where to start, you need more information. A vulnerability assessment can provide you with that. When you go to the doctor each year for a physical, you don’t necessarily feel sick or think anything is wrong. But you go for her to listen to your heart and lungs, check your reflexes, ask you questions that may indicate concerns based on your responses, and likely get some blood work done to see if you should be concerned about your current or future state. You pay the relatively inexpensive co-pay and you get a lot of valuable information. You need that blood work for your business.
A vulnerability assessment involves a scan of your computers and systems, as well as an analysis of that data to point you to your weaknesses. It’s an assessment of your network and the applications running on it—it looks for known issues that you should address. Large companies have staff that continuously scan their networks and a team of professionals that address the known vulnerabilities that pop up.
Small businesses, on the other hand, can’t always afford to bring that technology and staff in-house. Instead, if you’re a small business owner, you should periodically (a minimum of annually) engage professionals to scan, analyze, and present the vulnerabilities in your company’s network. This data will then point you or your IT resources to where you need help; it will tell you if you are in decent shape but need to address a few concerning areas, or if you have essentially left your network exposed to hackers with a bright neon sign blinking “Open.” Trust me, we’ve seen both scenarios and, more times than not, the results are surprising to the company’s stakeholders.
A vulnerability assessment is similar to the annual physical you should be getting—it’s relatively inexpensive, necessary, and—when conducted by the right provider—a useful roadmap for where you may need to pay more attention and focus on improvement. If you don’t know where to start and you’ve done nothing but allow yourself to believe that “IT handles that,” that’s exactly where you need to start. Get a vulnerability assessment for your company’s network, and stop eating so much red meat—your cholesterol is too damn high.