How Often Should Small Business Cyber Security Be Checked?
How often should small business cyber security be checked?
- At a minimum, most small businesses should be checking it annually.
- If your company has compliance requirements, it should be checked quarterly or even more frequently.
- If your infrastructure or software changes frequently, is complicated, or if you are a popular target for an attack, like an online retailer, checks should be run monthly.
- If you use a managed service provider (MSP) like Intrust IT, then your IT support provider should be performing the tests for you. We recommend you check that they are following best practices and ask for reports.
Best Practices for Small Businesses
Even if you work with an IT managed service provider (MSP), don’t just assume that the provider is running the security check at the right frequency. You should receive reports to show what was scanned, any issues that were discovered and what was done to resolve those issues.
Your IT managed service provider should also meet with you on a regular basis. In those meetings, your account manager should inform you about what security improvements are being made and why. Sadly, we’ve met many companies who thought this was being done but found out later that it was not.
How Do You Test Small Businesses Cyber Security?
A security assessment looks at all aspects of the company’s cyber security and uses automated tools to check for things like insecure open ports on a firewall, missing software patches, bad password policies, etc.
Today’s security assessment tools are incredibly sophisticated and scan everything rapidly. Because the tools are automated, the costs have become more reasonable as well.
Once a security assessment has been done and all issues are resolved, a follow-up scan should be run. This follow-up scan will confirm all work required was completed correctly.
After those vulnerabilities are corrected, the next biggest vulnerability to address is in your user population. The cyber security threat posed by users is mitigated with security training coupled with phish-testing. Only after all of this work is complete, then it may be advisable to consider spending money to have a penetration test conducted.
Do You Need Penetration Tests for Cyber Security Screening?
Many small businesses are told by unscrupulous providers that they may need a penetration test or pen-test performed for tens of thousands of dollars. A penetration cyber security test is rarely needed for most small businesses. Instead, internal and external vulnerability scans are the best place to start.
A penetration test is where someone outside the organization finds a vulnerability in the company’s security. They then seek to exploit that vulnerability to gain access to internal systems and possibly even exfiltrate data.
If you aren’t sure when your last security assessment was conducted, then you need to contact Intrust IT today and get it scheduled ASAP!
Share this Blog
Is Your Name or Birthday a Part of Your Password?
If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.
Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.