Summing It Up

5 Reasons Why Every Company Needs A Vulnerability Assessment

Written by David Hansen | Fri, Aug 25, 2017 @ 12:30 PM

Vulnerability can be a key ingredient in a great romantic movie, but it is a recipe for horror when it exists in business systems.

Movie romances may or may not be one of your favorite kinds of entertainment. At some point, though, all of us have probably sat through at least one film where a character in a potential relationship risks wrecking things because he or she can’t be “vulnerable” enough with the wannabe crush. In some pivotal scene, a friend pulls the person aside and says something like, “You’ve gotta open up. You’ve gotta be more vulnerable.” The character does this and the object of affection is hopelessly smitten. Cue the violins as the happy ending ensues.

If they made a movie about your business, no one would EVER say this. When it comes to finding and eradicating weaknesses in your information technology systems, it’s all about John Wayne—there’s no room for Hugh Grant. You can’t sit back and assume your systems are protected enough. The best way to guard against vulnerability is to constantly seek it out and eradicate it. That’s the purpose of a vulnerability assessment, and there are 5 reasons why this test is one of the most important ones your business will ever take.

  • Identify vulnerabilities in the perimeter systems that protect your network: Periodic scanning of your network identifies vulnerabilities in the critical systems that protect against outside threats. Not only do you need to test against the latest hacker strategies, you also need to verify that everything is up to date. Vendors frequently release patches, updates and firmware upgrades specifically to remediate newly identified security vulnerabilities. A regular scan of your internal and external network systems helps to confirm that they are current with the most recent changes.
  • Verify that change management processes are keeping pace with security: Vulnerability scans confirm that your company’s change management processes haven’t missed any critical patches. The harder you work at modifying your system to maximize operational efficiency and ease of use, the harder it becomes to keep up with changes from your IT vendors.
  • Check system configuration: Vulnerability scanning can also help identify improperly configured systems that leave a network vulnerable. We all count on our IT departments to implement new systems in a secure manner. Sometimes, it helps to have a fresh set of eyes look at the system top to bottom, the forest AND the trees, to help support your team and guard against mistakes when configuring and deploying new hardware and software.
  • Validate the actions of third-party IT managed-service providers: Everybody wants to believe that IT managed-service providers deliver the level of support they’ve promised. How can you be sure they are maintaining your systems as agreed in your contracts? If things are going smoothly, it’s easy to fall into the trap of “If it ain’t broke, don’t fix it.” The problem is, if your system is vulnerable, things could run smoothly until someone finds the vulnerability and exploits it. Without testing, it could be “broke” and you just don’t know it yet. An independent assessment is often a great way to check if service levels are being achieved and systems are protected in the manner described in the contract.
  • Provide customers with assurance: Businesses and consumers are becoming increasingly aware of the importance of data protection. They demand a high degree of vigilance and risk awareness from their suppliers when it comes to cybersecurity. We’ve reached a point where some contracts can be won or lost based on your ability to protect customer information. Whether your business serves the consuming public or other businesses, a strong cybersecurity program that includes periodic vulnerability assessments can help you stand out from your competitors.
 

To be clear, we’re not trying to say that romantic movies are necessarily a bad thing. We just believe very strongly that vulnerability should never exist in business information systems.

Please contact Freed Maxick for more information on how a vulnerability assessment can help your business.

…………………………………………………………………………………………………………………………

Freed Maxick CPAs, P.C. is Western and Upstate New York’s largest public accounting firm and a Top 100 firm in the United States. Freed Maxick’s reputation and experience with vulnerability assessments have made us a go-to cybersecurity firm for businesses from all over the U.S. and Canada that want an extra level of review in their IT systems.