Let’s face it businesses run on technology. How would your business survive without it? Many business owners pay someone to take care of their computers and never think about IT. Most professional IT people know what they are doing but what did you hire them for? Was it to implement a security structure or to get the system up and running? Generally, they are trying to get the programs you need available and to do so efficiently, security may not have been their focus.
When asked about network security, most people say: “I am too small for a hacker to care” or “I have a firewall, no one can get into my system.” Guess again! According to Verizon Business’s 2012 Data Breach Investigations Report (DBIR), 79% of all victims are targets of opportunity. It isn’t like in the movies where some nerdy kid sits in his bedroom trying to break in. They execute programs that robotically search the world for weak systems. If a vulnerability is discovered, they begin the attack. The fact is simple; the bad guys are not dumb. They know that while big companies may have more data, they are harder to get into while small companies are generally much easier to break into.
Oh, and what about that firewall? First off, firewalls have to be configured for your network. That configuration could open vulnerabilities by allowing unwanted traffic or people to access the network. Firewalls are not designed to simply keep everyone out. It is an old adage that security is built in layers. Firewalls are one layer. Anti-virus software, Strong passwords, and network monitoring are other layers. But all of them must be configured and there is always a potential that they are not working as expected.
If the security of your network doesn’t worry you, what about something else going wrong? Disasters don’t have to be major storms or terrorist attacks. A small fire in your server room could be devastating to your company. How about a leaky pipe or the air conditioner going out? These relatively small issues could cause major problems to electronics. Do you have a plan for this? Is it documented? Has it been tested? Until you have walked through the plan thoroughly, you can’t know that all of your assumptions are valid or the systems you need will be recoverable.
The security and availability of your data and your clients’ data is the responsibility of owners and senior management. The process of setting up and maintaining systems can be outsourced to an employee or a vendor but not the responsibility for it. We can help, though.
While we try to stay away from talking about our services in this blog, we feel this is an important issue that we can help you with. Small companies are being harmed by inadequate security and disaster planning. As a third-party, with no technology products to sell you, we can examine your system without bias and make recommendations for improvement. We work with your IT Staff in a proactive manner. We are there to help them make your systems better and their job easier.
Yount, Hyde & Barbour’s Risk Advisory Services Team can provide you with a Business IT Assessment. This assessment examines security settings, looks for vulnerabilities within your systems, evaluates your disaster planning, and reviews your IT Strategic Plan. In the end, we will report back to you how well you are doing along with our findings and recommendations. Since our team is made up of CPAs with technology backgrounds, we can provide you with technical information in plain English. We work with all sizes of companies, we understand that IT is not a “one-size-fits-all” world and we can help you find the right size controls.
To discuss this service, or other way we can help you achieve comfort in you IT, contact me:
R. Curtis Thompson, CPA.CITP, CISA