Fun fact – an IT security audit of your business systems will not only help reduce the risk of your IT systems being breached; you also might not be insured if you have not been audited recently.
Cyber security insurance is a bit of a no-brainer for many businesses now; the risk is just too great. Not only the finances but also the reputation of the business is at stake.
What you might not know is that most insurers now require that an audit of systems take place on a regular basis and that disaster recovery processes and procedures are maintained.
The question is: do you have any of these implemented in your business?
Let’s look at this a bit more closely.
The IT security audit:
Ideally, a fresh pair of eyes should be performing the audit – someone who does not know your IT systems.
The audit itself will look at many aspects of your technology stack.
Patching
Most commonly there’ll be a lookup of the current IT inventory and of how recently devices have been patched with the latest operating system updates.
Antivirus
The next check usually entails confirming that there is some form of antivirus protection on devices and again that the signatures are up to date.
Firewalls
Firewalls are next: do you have one and, if so, is it on and what is being protected? More importantly, what’s not being protected, and what ports may be open on the firewall?
User access
What type of access control system is in place on your network and computer systems? Who maintains it, and how is it managed?
These are some of the most common IT security checks any auditor will perform. They may also look closely at your backup and disaster recovery procedures and processes.
First off, has your disaster recovery process been tested in the last 12 months? This is a common question insurance companies will ask.
If so, how long does it take to recover business-critical systems? That’s the second question they’ll ask.
Third, and probably most important: has a test recovery of your backups been performed in the last 1 month?
The backup check is probably the most important check out of all the information we’ve outlined in this article.
Ransomware has a tendency to encrypt all data on the network and the only method of restoring systems is usually by using the most recent backup.
If you would like a fresh set of eyes to check over the security of your business and IT systems, please do not hesitate to contact us to arrange an audit.