Cyber Hygiene and Pen Tests: #BeCyberSmart This Spooky Szn
Aside from it being #spookyszn, each year, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NSA) co-present Cybersecurity Awareness Month to promote and educate the importance of cybersecurity for everyone. This year’s theme remains the same as last year: Do Your Part. #BeCyberSmart.
One the best ways to be cyber smart is to have a great cyber hygiene routine. Just like your normal daily personal hygiene regimen, cyber hygiene involves routinely updating your software; creating, using, and changing strong passwords; securely backing up your devices; and updating system and software patches, to name a few essential practices. Like checking your smoke detectors when the time changes in the fall, you should conduct at least one annual penetration test to determine if your systems are vulnerable to attack.
Penetration testing (aka pen testing or ethical hacking) involves attacking a network and information technology (IT) with known hacking techniques and tools to see if the systems’ security measures can be breached. There are two flavors of pen tests; the tester either attacks the systems with no access from outside the network, or the tester has limited access, mimicking an employee or contractor, and tries to access information beyond their assigned permissions. Both will identify weaknesses in the system’s security and enable you to take corrective actions to prevent a future data breach.
When to Schedule Pen Tests
Pen tests are not a once and done type cyber practice, they represent a single point in time. Performing one annually is the absolute minimum. A best practice is to conduct a pen test any time you make significant changes to your IT infrastructure, as well as prior to product launches, mergers, or acquisitions. Cyber criminals find new weaknesses every day and if your cyber hygiene isn’t maintained, any results from a pen test will be outdated within a few short weeks. So you should conduct a pen test more frequently to know the cybersecurity status of your enterprise, especially if your company handles large amounts of sensitive personal, financial, or the government’s data.
How We Can Help
A favorite saying at Sera-Brynn is attributed to Benjamin Franklin who said, “An ounce of prevention is worth a pound of cure.” Following his adage, we encourage our clients to take timely, cost-effective cybersecurity actions where possible to protect themselves against the threats of cybercrime. Penetration testing is a one of our strongest tools to help a client prevent data breaches and the resulting financial losses. Our pen test services go beyond typical automated vulnerability scanning and testing by tailoring each engagement to our client’s individual needs. So, before you enjoy your pumpkin spice lattes, scary movies, and Halloween candy, make sure you protect your business from the cyber ghouls and goblins out there and schedule for a pen test with us.
Founded in 2011 by former members of the U.S. intelligence community, Sera-Brynn partners with some of the world’s most respected and recognized brands to help them secure their infrastructure and meet cybersecurity compliance requirements. Sera-Brynn has invested in our capabilities and is proud to be only one of seven companies worldwide that hold certifications as both a Federal Risk and Authorization Management Program (FedRAMP) Third Party Assessment Organization (3PAO) and a Payment Card Industry (PCI) Qualified Security Assessor (QSA). We use these and other individual advanced certifications (CISSP, CEH, i.e.) to help companies develop cybersecurity programs to meet Federal and Commercial Compliance Requirements (800-171, DFARS 7012, CMMC). Our experts, with their specialized comprehensive experience, will solve your most complex cyber challenges.
Contact us at 1-757-243-1257