If it seems like there’s a major data breach on the news every week, think about how many more don’t make the headlines. That’s why, according to CSO Online, experts predict that cybercrime will cost $6 trillion globally per year by 2021, or twice what it was in 2015. Big corporations make headlines, but small to mid-sized businesses are hacked regularly, too.
As a business leader or owner, you need to take preventative action today to avoid your slice of the cybercrime pie. One of the best proactive steps is to take the hacker’s point of view and test how vulnerable your networks are – both internally and externally. We call this practice ‘ethical hacking’ or ‘penetration testing’ – ‘pen testing’ for short.
Whether you outsource your IT or handle it internally, you need to have pen testing on your radar. Here’s how you can keep up with the hackers, depending upon your situation.
Outsourced IT? Don’t forget to ask about pen testing.
Many small businesses outsource their IT functions. This makes great sense if you don’t have enough work to keep a full-time resource on the payroll, but you still need to have an expert available to you and your team. The firms that manage IT for multiple local businesses are known as Managed Services Providers, or MSPs, and there are several really good ones that serve the greater Gainesville area.
If your business is currently outsourcing IT, your MSP will likely have a pen testing program in place, complete with trained specialists on staff. Don’t be lulled into a false sense of security by assuming your networks are safe, however. Ask your provider directly about pen testing. The following probing questions should suffice:
- How often is pen testing done? Quarterly is recommended.
- Are the tests both internal and external? Both are needed to be thorough.
- Is testing blind? That is, the team is not alerted ahead of time.
The responses to these questions should give you a good feel for how protected your networks are.
IT team on staff? Don’t overlook this vital function.
If you have an internal IT team, pen testing might be an area you overlook since it doesn’t seem to be an everyday need. While desktop support, printers and network maintenance are pressing daily tasks, ignoring pen testing can be a fatal mistake.
Assign a team member to lead the charge on testing your networks. There are a ton of great tools to help you get started. They’re available at all different price points, starting at free, so there’s no reason to delay. ITProTV offers online training for Metasploit, Wireshark and Kali Linux, but there are literally dozens of additional, effective options.
Whether you engage with an outside firm for pen testing or handle it in-house, be sure you’re conducting both internal and external testing of your networks.
External Testing: This type focuses on only what’s visible on the internet, such as website, DNS and email servers. The overall goal is to obtain access, gather valuable data, and leave without being identified or tracked. Think of it like a tester checking the locks on external doors and windows of a building to verify they are actually safeguarding against unauthorized access.
Internal Testing: Different from external testing, an internal pen test is one performed behind the firewall. These tests can take multiple forms, such as emulating a disgruntled employee or an insidious phishing attack facilitated by stolen employee credentials.
Act now
Your network is valuable and needs to be protected. You can access a free recorded webinar on this topic from ITProTV and a free guide for IT teams. Get a plan in place to protect your network – and therefore your business – today.