How to Conduct a Network Security Assessment

Every system administrator dreads the call saying his company network has been attacked. Sadly, it is all too common in today’s security environment. The number of attacks has increased by over two-thirds since 2009. And the threat isn’t just from hackers outside the country. Incidents involving insiders in the business have increased significantly.

Many businesses aren’t taking security seriously enough, making them targets for data breaches. Overall, spending on security in corporate America, in companies worth less than $100 million, is down about one-fifth, during a period when security experts say greater resources are needed.

The prime method of preventing or reducing the effect of an attack is by conducting a network security assessment. Here are six steps that smart companies are implementing to protect themselves.

#1. Figure out where hackers can gain entry

First figure out where you currently stand. Look at:

• All possible channels, including ports and IRC/ICQ message channels
• Pinpoint areas that are particularly vulnerable to being compromised
• Determine where hackers can gather private data about employees, your company, stakeholders and customers
• Do a physical inspection of your data center
• Interview the staff in your data area
• Do a thorough audit of networks, IT resources and applications
• Pretend you are a hacker and try to gain entry at multiple points
• Be sure to check your internal networks: not all hackers are outside your company
• Check locks on doors and windows

#2. Stick to a schedule.

Perform the audit on a regular basis. It is wise to choose random dates to keep people off guard. But be sure to do the audits on a regular basis.

#3. Prepare a plan.

Document what you inspect for each assessment. Include who should be interviewed, what physical assets need to be inspected and what electronics must be surveyed. List everything that needs to be done and create a checklist. Make sure all tasks are completed at each audit.

#4. Repair the vulnerabilities.

Secure what is open to attack. Interview employees who are not taking security seriously. Make sure all physical equipment and furnishings are in good repair. Install updates, replace outdated or faulty software and hardware.

#5. Set up a maintenance schedule.

This applies to both your physical and digital equipment. Go into detail about what should be cleaned, updated and replaced and when. Then be sure to stick to the schedule.

#6. Educate your employees.

Make sure they understand how careless, casual actions can imperil your company’s security. Simple things like picking up flash drives that are lying on a desk, using personal smartphones for business work and even social media can cause security problems.

Decide on a set of rules for your workers and enforce them. Insist that they make decisions at work based on security. It isn’t a joke. Bringing down your company’s network costs money and jobs.

A network security assessment is complex, requiring the time and energy from employees and managers. Consider it an investment in the health and financial well being of your business.