Well, that depends on who you ask, and what they know about vulnerability management. If you ask me, everyone needs a good vulnerability management program.
Why am I talking about this today? My friend and her daughter both recently received a letter from a healthcare organization that started with “We are writing to inform you of a security incident that may have involved your personal information, which we obtained in connection with your treatment at XYZ organization.” Not a great way to start a letter to a customer. It goes on to say “we discovered that a workstation and server located at one of our locations had been infected by a virus designed to block access to system files. As part of our investigation we learned that external hackers gained access to our systems as far back as January, through a security vulnerability.” It only takes one machine, and one vulnerability, to suffer a breach.
Some may be asking what exactly vulnerability management is. Wikipedia defines vulnerability management as the “cyclical practice of identifying, classifying, remediating and mitigating vulnerabilities, particularly in software. Vulnerability management is integral to computer and network security.” But what does that mean? It means that scanning all of the devices on your network on a regular basis and fixing the issues identified is crucial to a good security program. Remember, most successful hacks or attacks utilize vulnerabilities that are 2 to 3 years old. This type of program makes sure that those vulnerabilities are removed.
If you accept credit cards for payment, whether on the web or in retail, you know about PCI (Payment Card Industry) regulations. PCI is to retail as HIPAA is to healthcare. And any business that accepts credit cards for payment is subject to the regulations and is required to pass a quarterly scan. But the scan is against your external-facing connection to the Internet. It has nothing to do with the potential vulnerabilities that exist on the computers and other hardware connected to your network.
External scans, anti-virus and anti-malware give businesses a false sense of security in thinking that they are completely covered. But as you probably already know, the bad guys out there are getting smarter all the time, making it increasingly difficult to intercept potential threats. And once they get inside your network, they look for vulnerabilities in the systems connected to your network. That is why it is so important to be sure that those vulnerabilities are identified and fixed.
You may think that you have a good IT security program. I visited a business recently and was seated in their conference room. When I was led into the room, I was told “If you need wireless, the password is right there on the whiteboard.” Well, once I have the wireless password, what’s to prevent me from sitting in the parking lot, accessing the wireless network, and taking my time looking for any potential vulnerabilities on that network? Nothing!
Small business owners think they are not going to be targeted. But think about this: if small businesses are easier to breach, and a hacker can breach enough of them, they will get as much or more information than the big security incidents you hear about in the news. Remember, nearly 60% of small businesses that suffer a security breach go out of business. Don’t let that happen to you. Let us help.