Why You Might Need a Vulnerability Assessment

Regular checkups help healthy people stay that way – your networks need them too

I’m fortunate to be in reasonably good health, and I hope the same for you. I try to keep myself that way by being careful about my diet, and while I don’t exercise as much as I should, by being an active person. Because I feel good and take care of myself, I assume I’m okay. Still, I see my primary care physician once or twice a year for physicals and checkups. It’s something all of us should do. Why? Because these exams are expressly designed to assess your health when you’re not experiencing symptoms.

My expertise is in networks and security. In the server room, I know what’s best. In the exam room, my doctor does, so when he tells me I need to start doing X or stop doing Y, I do it. If I take the actions he suggests now, I stand a better chance of avoiding bigger problems later.

Much like the human body, your organization’s IT environment is a network of interconnected systems. Having an annual IT checkup is the best way to both understand the present health of your network and to find small areas of concern before they become big areas. In my world, we don’t call them physicals, but vulnerability assessments.

I know nothing about you or your organization, but I do know this: If you own, have executive responsibility over, or manage its IT, you need a vulnerability assessment, sooner rather than later. It’s one of the first things I do with any new client, and I recommend them at least yearly and as often as quarterly, depending on the scope, sophistication and complexity. Threats to networks are emerging constantly. I run network vulnerability assessments regularly on my own networks because part of my brand promise is maintaining the most secure possible environment for my clients.

Now, you may be thinking, “We’re OK. We trust our IT person to know what to do.” That’s great. I recommend a regular vulnerability assessment regardless of the trust you have in your MSP or your IT expert. Whether it is with MX2 or another credible cybersecurity company, objectivity is a benefit. The data returned by a vulnerability assessment must be interpreted to be useful. Just as diseases and health conditions pose different levels of threat, so do vulnerabilities.

Sometimes, operations require keeping a vulnerability in place, for example when a critical piece of equipment runs on software that is no longer supported by the vendor or when certain security patches issued by a developer would cause a cascade of problems with other software. There are certainly reasons some vulnerabilities might be necessary. At the same time, knowing they exist and what countermeasures can best protect you while operating with them is key strategic information.

When it comes to protecting your systems and data, not to mention your clients, a baseline understanding of your vulnerabilities and security risks is key. If you ever did have a breach of sensitive data, one of the first things your board or affected stakeholders will ask is, “What could you have done to anticipate this?” It’s a very reasonable question.

If your annual physicals are anything like mine, your doctor follows a process. Before I set foot in the exam room, I’ve already had blood taken and analyzed. If any of the values are concerning, an automated system flags them to make sure my doctor is aware. I don’t know what half of those values even mean, but he does. When I get to the office, I fill out a form answering questions about the major systems. If I happen to tick any of the boxes, I’m sure to hear questions about them from my physician. But of course, he doesn’t limit his examination to what I’ve noticed. Very systematically, he and his team measure my height and weight, check my vital signs, and proceed through a thorough examination, asking me questions the whole time.

In a later post, I’ll go into greater depth on what you might expect from a proper vulnerability assessment, but for now I’ve prepared a checklist of sorts to show you the vulnerability assessment process we follow. It’s as comprehensive an assessment as I know of, but you’ll be pleasantly surprised by how little disruption it causes, how quickly it can be accomplished, and how complete it is in identifying critical vulnerabilities, security gaps and flaws in your IT setup.

Ever wonder why physicals and wellness visits are often completely paid for by insurance companies? It’s because they know it saves them huge amounts of risk in the long run.
