Tuesday 11th October 2016
by John Casey

Why would your business need regular security audits?

The average data breach takes 210 days to be detected. Just think how much damage will have been caused before you are even aware of it.

Over half of Irish companies reported incidents in 2015 according to the Irish Independent. 55% said they had seen company data stolen, hacked or otherwise compromised and in many cases this was due to employee negligence. A quarter didn’t even know if they had let sensitive data slide or not.

UK Government research shows that two thirds of large UK businesses were hit by a cyber breach or attack in the past year. The most common attacks involved viruses, spyware or malware that could have been prevented.

The bigger your company is, the more likely it is that there is a moral and perhaps even a legal requirement to undertake regular security audits. However, no matter what size your business, it is a good idea to conduct regular external assessments to help you identify your internal network’s vulnerabilities.

Being compliant with standards might protect you from litigation, but will it ensure you are fully protected and your business safe?



Infrastructure Security Audits

Infrastructure Security Audits evaluate the security of a company’s IT systems by measuring how well they conform to a set of established criteria. An audit comprises:

  • Security vulnerability scans
  • Hardware and software systems review
  • Access controls analysis
  • Anti-virus, back-up and disaster recovery processes
  • Information handling procedures
  • User practices

At the end of the audit, a RAG (Red/Amber/Green) report should be provided with issues categorised into three areas:

  1. Urgent: Significant issues that require corrective action to meet business objectives
  2. Less urgent: Problems with a negative effect, however not deemed critical. Action should be taken to resolve or monitor
  3. No action required: Area performing to plan

You may be able to fix some identified problems yourself. It may be that some listed as red are less important to your organisation. Addressing the red and amber action items will assist in mitigating the entry points for a targeted attack.

By taking this approach, an organisation can quickly identify a clear infrastructure security roadmap and start on a continuous journey of proactive protection for its business. Running such an audit on a regular basis helps organisations identify internal network vulnerabilities.

At Trilogy our mantra is ‘Go to Green’ and we work with businesses to take them on that journey.

