4 areas to include in an IT security assessment

September 26, 2018 · 4 minute read


Cybercrime damage costs are expected to hit $6 trillion annually by 2021, according to data from Cybersecurity Ventures. That makes it more profitable than the global trade of all major illegal drugs combined. Threats are accelerating at such a rapid rate in part because potential entry points have multiplied. Employee-owned mobile devices, unsecured technology connected to the corporate network, and Internet of Things (IoT) devices all introduce unique risks and leave organizations vulnerable if proper protections aren’t in place.

To protect your network from hackers, it’s important to conduct a network-wide IT security assessment to identify any and all gaps in your security strategies. Security risk assessments can help your team find any vulnerabilities or entry points you may not have been aware of, and armed with this information, you can take action to create a more airtight cybersecurity strategy.

When creating an action plan for your security risk assessment, here are some areas you should make sure to include.

1. Data protection

To assess the security of the data stored on your systems, you first need to consider the assets handling that data, such as servers and PCs, as well as any cloud services or vendors. An assessment of your data security should include certain questions, such as “What is the data flow?” and “Who can access this data?” For example, is the login for your cloud service available to employees who don’t need to access the sensitive data stored on it? Does sensitive data ever pass through unsecured channels? Is it encrypted in transit as well as at rest?

To minimize the risks facing the sensitive data your organization processes, map exactly where it travels, who touches it, and what it’s used for. In doing so, you may uncover unexpected areas where your data is not as secure as you originally thought.
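The data-flow mapping described above can be kept as a small machine-checkable inventory. The following is an added example, not part of the original article: the asset names, roles and field names are hypothetical, and the sample inventory is constructed for illustration. It records each hop of a sensitive dataset and reports hops that are unencrypted in transit or at rest, or that grant access to roles without a business need.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    """One hop of a sensitive dataset between two assets (hypothetical schema)."""
    dataset: str
    source: str
    dest: str
    encrypted_in_transit: bool
    encrypted_at_rest: bool   # storage encryption at the destination
    granted: frozenset        # roles that can currently access the data at dest
    needed: frozenset         # roles with a documented business need

def assess(flows):
    """Return (dataset, hop, finding) for every gap the article's questions target."""
    findings = []
    for f in flows:
        hop = f"{f.source} -> {f.dest}"
        if not f.encrypted_in_transit:
            findings.append((f.dataset, hop, "unencrypted in transit"))
        if not f.encrypted_at_rest:
            findings.append((f.dataset, hop, "unencrypted at rest"))
        excess = f.granted - f.needed
        if excess:
            findings.append((f.dataset, hop, "excess access: " + ", ".join(sorted(excess))))
    return findings

def data_map(flows):
    """Per dataset: every asset it reaches and every role that can read it anywhere."""
    out = {}
    for f in flows:
        entry = out.setdefault(f.dataset, {"assets": set(), "roles": set()})
        entry["assets"].update((f.source, f.dest))
        entry["roles"].update(f.granted)
    return out

# Constructed sample inventory (not real systems).
FLOWS = [
    Flow("payroll", "hr-pc", "cloud-hr", True, True,
         frozenset({"hr", "sales"}), frozenset({"hr"})),
    Flow("payroll", "cloud-hr", "print-server", False, False,
         frozenset({"hr"}), frozenset({"hr"})),
    Flow("crm-export", "crm", "vendor-sftp", True, True,
         frozenset({"sales"}), frozenset({"sales"})),
]

if __name__ == "__main__":
    for dataset, hop, finding in assess(FLOWS):
        print(f"{dataset:12} {hop:28} {finding}")
```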

2. The print environment

Printers often go overlooked in wider IT security strategies, but print security should be part of any overarching security assessment. A study conducted by Quocirca found that 61 percent of all organizations have experienced data loss related to printing. Yet, many IT professionals can’t even say for sure how many printers exist in their environments off the top of their heads. If you’re serious about closing every potential gap in your security plan, make sure to include printers in your assessment.

A print security risk assessment should include the following questions:

  • How does your organization monitor and manage its printer fleet?

  • How do you protect data traveling across your network to and from printers?

  • How does your organization authenticate users at printing devices?

  • Which document security measures has your organization implemented?

Smart printing solutions that offer tech with built-in security features can help you reduce risks and neutralize threats. In addition, working with managed print services providers can offload the burden of securing printers while also ensuring security controls are properly implemented. Managed print services can play an important part in achieving a more secure print and document infrastructure.

3. Your mobile fleet

Mobility has become so critical to business that, by 2021, the BYOD industry will be worth $73.3 billion. The workplace is increasingly mobile, but businesses are struggling to lock down mobile security, with 39 percent citing security concerns as the number one inhibitor to BYOD.

A security assessment can identify weak points in your mobile security, such as insecure apps employees may be using without permission or personal devices that haven’t been patched against vulnerabilities. Insecure Wi-Fi is another concern you should account for when managing mobile devices. Employees are likely to connect mobile devices to open and insecure public networks, so you may want to offer mobile workers a VPN that encrypts their traffic.

4. Any and all IoT and endpoint devices

There’s a huge range of estimates about the size of the IoT, but whether there will be 30.7 billion connected devices by 2020 or 200 billion, security is a concern. A security assessment needs to take careful account of all IoT and endpoint devices connected to your company network—from smart printing solutions to intelligent thermostats.

To mitigate these risks, you should consider whether IoT devices have built-in security features when making buying decisions. In addition, you should set up access controls and follow basic security best practices, like regularly changing passwords and keeping software current.

Security assessments are all about creating a comprehensive and holistic map of your business’s assets, prioritizing the greatest risks, and seeking out methods of minimizing them. When done thoroughly, a security assessment not only strengthens defenses but also cuts down on costs and boosts productivity in the long run. Investing the time to assess your environment today will pay off with big savings and stronger security tomorrow.
