Client Information Security Helping Organizations Protect Private Client Data


Performing Effective Security Audits

Many data breach cases in the news have highlighted security lapses at the companies that suffered them, and have clearly established that failing to set up strong countermeasures places a business at risk of losing customers, money and time (imagine the hassle of dealing with litigation and class suits).

A recent study by Symantec and the Ponemon Institute revealed that in 2011, the average organizational cost of a data breach was $5.5 million, and the cost per lost or stolen record was $194. A data breach may occur through different means, like negligence on the part of employees or malicious attacks from hackers.

According to the same study by Symantec and the Ponemon Institute, negligent insiders were the top cause of data breaches in 2011, at 39%. Malicious attacks by hackers caused 37% of all data breaches and were the most expensive type of breach, at an average of $222 per lost or stolen record.

Consequently, more and more businesses are setting up a cyber security plan, and data breach insurance coverage is becoming more popular with business owners. One integral part of a systematic cyber security plan, and one that many business owners should update themselves on, is doing regular security audits. You may have a whole suite of defensive anti-data breach measures in place, but how effective are they? Does your system defense have a weak point? How sure are you that all hardware and software are configured correctly and programmed to work as they're supposed to? These questions can be answered by doing regular security audits.

Here are some guidelines on how to effectively run a security audit.

  • Evaluate your IT infrastructure. Evaluate the flow of data within your business and identify the vulnerable points.
  • Know the scope of the audit. Identify which data needs to be collected. Have an inventory of all hardware and software being used by the business. Prepare documents and other materials that the auditors may need in planning out the auditing process.
  • Be involved and discuss the plan with the auditor. Be sure that you understand the specifics of the auditing process to be carried out by the auditor. Plan ahead with the auditor and delegate tasks as needed.
  • Get real-time updates on critical information being pulled up during the auditing process.
  • Review the audit and get recommendations on how to address problem areas.
  • Follow up as needed. Determine how frequently security audits should be done.

With these steps, you can determine the strength of your cyber security plan, then periodically assess and update it to boost your overall protection from the threat of a data breach.