The Identity Theft Resource Center publishes a list of security breaches every week, and as of May 3rd, they’ve reported a total of 348 breaches with 11,361,547 records exposed. These security breaches span:
- Banking and financial services (2.3% of breaches)
- Business (49.4%)
- Education (11.5%)
- Government (4%)
- Healthcare (32.8%)
These numbers are pretty scary when you think about the amount of personal information that these industries maintain, and the potential damage a security breach can have on a business dealing with one.
While there are many different steps companies can take to boost their network security, they need to determine where to focus their attention. Where are the network vulnerabilities? What are the threats? An enterprise security assessment is a great place to start, and there are a number of assessment tests that you can perform as part of your audit. Here are seven of them:
- Digital Footprint – This test identifies employees, networks, resources, partner relationships, and applications using your network to pinpoint potential areas vulnerable to information disclosure or compromise.
- Internal Network Penetration – This test employs a person acting as an employee with the goal of exploiting system and local access vulnerabilities to obtain sensitive information.
- External Network Penetration – This test employs someone to pose as a malicious individual outside of the organization looking to exploit system and network weaknesses and obtain sensitive information.
- Internal Application Penetration – This test uses a person acting as an employee who circumvents controls—helping you ascertain the likelihood of unauthorized access to application data from within your organization.
- External Application Penetration – This test uses a person posing as a malicious individual looking to exploit application weaknesses and gain access to sensitive data.
- Social Engineering and Physical Assessment – This test employs experts to search for employee information – often available on social media networks and other public sites – that can be used to establish access to networks and facilities, usually through weak passwords and other carelessly managed access information.
- Wireless, Bluetooth, RFID Vulnerability Assessment – Simply by walking the floors and areas in or around your building, this test identifies unknown or rogue wireless devices and the Bluetooth footprint of your organization. Tapping into these areas of weakness can provide hackers with access to your network wirelessly.
There will likely always be security breaches, but companies can and should take steps to assess their enterprise security. Armed with the results of an audit, you’ll be able to establish a plan with the best network security available to your organization.