How to Perform a Cyber Security Assessment

Cyber Security January 2, 2019

Securing your business is an important first step, but for many, it’s unclear how to start.

This is where a cyber security assessment is critical.

A cyber security assessment is an assessment of where you stand in your IT security efforts. You can rely on a company, such as Power Consulting, to evaluate both your external and internal vulnerabilities.

This company will look for network vulnerabilities, such as gaps in your configuration, and policy weaknesses. The idea is to build a strong understanding of each of your gaps and to use those insights to make a plan that secures your organization and optimizes your cyber spending.

What are the Steps of a Cyber Security Assessment?

Speak to Your Employees

The first step is having a conversation with your employees and key people and understand how they approach cyber security. You should also look at things such as your employee manual and computer use policies. The goal is to identify gaps in your employees’ knowledge. This leads to building an end-user training program to bridge those gaps.

Network Assessment

Next, you must conduct a network assessment from both inside and outside and understand where you have stored your data and which if your staff have access to it.

Disaster Recovery

You should also test your disaster recovery measures. Do you have good backups? Do you have a fully tested disaster recovery plan?

These are all part of your cyber security assessment, which helps you understand exactly where you are and what things you need to accomplish to get to a reasonable point in your security.



Even the Tiniest Gap is Enough for Cyber
Criminals to Ruin Your Business

FREE Cyber Security Assessment

Tools You Can Use for Your Cyber Security Assessment

We at Power Consulting use a number of rapid-fire, network detection and quality scanning tools — such as Avix — to discover network vulnerabilities. In addition, we also use tools with pieces of custom software written by ourselves.

At this step, we are looking for issues such as systems not being patched and systems lacking anti-virus software. In addition, our team will also examine your backups, network and see your security policies to see if they’re sufficient and need of any additional work.

What Happens After an Assessment?

The most important thing you do after the assessment is to figure out where to go from there.

Developing a plan is the whole point of a vulnerability assessment. Getting a vulnerability assessment on its own doesn’t solve anything.

The key next step is identifying where your gaps are and pursue low-hanging fruit such as closing-up big holes, getting your users trained, installing multifactor authentication (MFA) and revoking unnecessary access.

These are things that aren’t expensive to do, but not handling them would leave glaring gaps in your network.

For More on How Small Businesses Can Protect Themselves from Cyber Threats:

At Power Consulting, we would do is sit down with you and review our findings. We’ll also give you an idea of who you can get to the green areas, where everything is looking good, and you have a much higher level of cyber security, without having to spend tons of money.

There’s no 100% in cyber security, and it’s an uphill battle.

So, the higher up you get, the steeper the cliff is going to get. But you can get to 80%, 85%, 90%, even 95% secure range with just a few good steps and some smart information, and understanding where your gaps are, so you can be targeted with it.

Power Consulting brings over 20 years of experience helping small businesses climb the steep hill of protecting their valuable investments from all manner of cyber threats. Speak to us today to find and close your gaps.

Learn More: