Why you should be getting a review from a security consultant

"Old mate Bill reckons we need a security consultant." 

So, you’re with old mate Bill, having a long overdue catch-up, chewing the fat, talking some shop. He launches into a story about how his company’s CFO got scammed for $50K by a cybercriminal posing as his CEO. You are a technology decision maker at your own company, but knowing Bill, the story could have a bit of "mayo" on top. You do however recall a similar story from another company that you work with, so it captures your interest. Bill delivers the story with gusto (in his usual style), but at the end, he asks, “So how secure is YOUR IT?”. You shrug your shoulders and confidently answer, “we have a mob that looks after all of our IT, I’m sure we are fine”.  Old mate Bill fires back, "I wouldn’t be so sure, maybe you should get a security consultant in?". Initially, you shrug it off, but later the question gets you thinking... 

The situation with old mate Bill may not be familiar, but Bill's question should be. If you haven't been asked the question, you should be regularly asking this of your business. If, like many others, you have had the same response, you should be considering getting a review from a security consultant. 

Whether IT is managed in-house or outsourced, there may be an expectation that those looking after your "IT" are also looking after your IT security (and doing it well). Once upon a time, this was a reasonable assumption, but the field of IT security is now so specialised and constantly evolving that you could be making a risky assumption. In most cases, those looking after your IT will have the best of intentions, but not necessarily the specialised skills or funds to deliver the outcomes you expect.

It is easy to accept the falsehood that a decent antivirus, a secure firewall, and an effective spam filter are all you need to be protected against cyber threats. Modern security threats are far more sophisticated and varied than a basic antivirus/firewall/filter can protect against. Almost certainly, specialised tools will be required to protect your business and ensure you are informed immediately about any threats (or attempted threats) before they have a damaging impact.

No matter how big or small, all companies should consider having a documented cybersecurity strategy. There are many different types of security threats that you need to consider when designing an effective cybersecurity strategy. A well-publicised example of a modern-day threat is Ransomware. A company gets hit with Ransomware every 40 seconds, costing businesses more than $5 Billion worldwide in 2017 [1]. Ransomware is a prime example of a threat that many assume will be covered by their basic antivirus or firewall, but this is often not the case. Ransomware can have a significant impact on organisations both big and small and is a very real threat requiring careful consideration.

As well as Ransomware, some examples of the other threats your cybersecurity strategy should consider include: Botnets, Distributed denial-of-service (DDoS) attacks, Hacking, Malware, Pharming, Phishing, Spam, Spoofing, Spyware, Trojan Horses, Viruses, Wi-Fi Eavesdropping and Worms. If any of these items have not been considered in your organisation, a security consultant can help you assess the current landscape and put an effective cybersecurity strategy in place.

In addition to the impact of security threats on your business, it is now also critical to consider how breaches may impact other parties. In February 2017 the Australian Senate passed the Privacy Amendment (Notifiable Data Breaches) Bill 2016. This law came into effect on the 23rd of February 2018 and is applicable to many businesses and organisations in Australia. The law requires organisations to report incidents where they have determined that a data breach has occurred. This includes incidents where individual data may have been obtained by or supplied to parties outside of the organisation. All incidents must be reported to the Office of the Australian Information Commissioner (OAIC), and any affected individuals. (A more detailed explanation can be found here.) For businesses that fall under this law, it is now critical for them to be able to not only identify these breaches, but also have a process in place to act on them. Failure to do so can result in very serious consequences. If these laws affect you, a security consultant can help you ensure you are compliant.

New laws are being introduced regularly, and new security threats are introduced every minute of the day. If you are not re-considering your security position on a regular basis you may be putting your business at risk. If you don’t have someone like old mate Bill to get you thinking about your IT Security, make sure you are asking the question “So how secure is OUR IT?” in your organisation. Ask us at Evolve IT how we can help. 

 



Posted by Matt Flack
