We released a blog a little while back that highlighted the importance of having a security audit conducted, as well as the result of then having proactive IT security support.
You can read that blog here if you missed it. While it was quite comprehensive, it didn’t include the details from the conversation that occurred at SIG surrounding the process, so we wanted to give our readers access to the key points from the interview.
The conversation below occurred with our marketing director and two security expert technicians who have more than 15 years of combined experience. They handle security audits for a variety of clients in all industries in the Florida and Kansas City areas. They have been working with this client for many months to help secure their network, which got them to the solid NIST score they were hoping for.
Security Audit Interview
What does our security audit process look like for a company in general?
R1: Our client reached out to us. They work with the Department of Defense and knew with the contracts that they were going to have to secure their networks down. We used NIST Standards to break down the process of auditing them.
What does NIST stand for and what is a NIST score?
R1: NIST stands for the National Institute of Standards and Technology. A NIST score helps in presenting real-time, contextualized risk data to improve situational awareness and prioritize required actions. By knowing your NIST score, you can acquire meaningful assessments of the risk of the system, with a data-driven basis to help make further decisions.
Could you walk us through the security audit you recently conducted for client?
R1: Following the NIST framework, we went through 115 questions that determine their ultimate NIST score.
R2: Not only does it give you the questions, but also what is recommended to be in compliance with each aspect.
R1: Yes exactly, so we did that, and they scored a 24 out of 115.
R2: This was good because now the client knew their baseline. It can be really eye-opening for a client because many believe their baseline is already at somewhere like 80% secure. Once you get the real base, you can really start the process of implementing security measures.
R1: From there, we met with their management staff, and began locking things down, line item by line item, providing them with a strong Symmetric IT Group security stack.
I’m aware that the outcome of this audit was successful, in that you were able to get the client to a solid NIST score. Can you explain that a bit?
R1: There was a lot to be done. Given the amount of information that needs to be collected, this doesn’t happen overnight. If you implement things too quickly, things can actually go wrong. We test everything in a testing environment before we implement anything.
R2: For this specific client as well, it was both technological and physical aspects. Some of those things included hardware, locks, and security cameras. This shows that if a company wants to be as secure as possible, the odds of them being able to do everything on their own is minimal.
R1: Using a managed service provider like Symmetric IT Group is one of the only ways to reach this kind of level of security in a decent time frame.
What would you say to a business that is hesitant about having a security audit conducted? How do you emphasize the importance of cybersecurity to a business today?
R2: If you think your security is already pretty strong, it is good to confirm and get a baseline of where you stand. As we stated prior, you may be surprised how vulnerable your business actually is. Our security audits hold you to no obligation, so it doesn’t hurt to see where you stand.
R1: These things take time, but it is worth it to secure your business with the prevalence of cyberthreats. It is also important to have team involvement and security training for your employees.
Get A Free Security Audit Today
We’re really lucky to have security experts on our team at Symmetric IT Group to help proactively monitor our client’s networks. When our clients succeed, we succeed. With that said, we hope this blog emphasized the importance of having a security audit conducted on your business. We’re providing local businesses with free security audits, so reach out to us today to get your local Tampa business started in getting secure.