LUTZ BUSINESS INSIGHTS

 

Cybersecurity

A beginner’s guide to cybersecurity

SCOTT KROEGER, LUTZ TECH shareholder

 

Every business that operates online has critical data which, if accessed by unauthorized people, could result in major disruptions in operations. Worst case scenario, such access can lead to the downfall of a business. For that reason, companies today invest heavily in cybersecurity to ensure all of their private data remains safe and secure from access by hackers. 

If your business lacks proper IT security, there is no need to worry. This guide details the options available for you to boost your IT security structure. 

 

What are the IT security options available for my business?

Luckily for you, there are a variety of ways you can ramp up your IT security. Some of the most common processes/services include:

1. IT Security Assessment / Cybersecurity Assessment

A cybersecurity assessment is the most comprehensive option that you can go for. Essentially, it involves reviewing and benchmarking most areas in your business to expose any operations, practices, or system configurations that pose a threat to the exposure or leakage of your data.

The assessment will ensure you cover servers, routers, firewalls and workstations. For efficiency, the assessment will go the extra mile to include procedures, policies, and operational practices. 

At the end of the assessment, you will get a 20-50 page report containing an outline of your business’s current state alongside some viable recommendations of what you can incorporate to tighten up your IT security. It is recommended that you perform an IT security assessment once every two years. Therefore, if you are interested in this service, the current market price ranges from $15,000- $50,000.

2. IT Security Audit / Cybersecurity Audit 

A security audit is an overall assessment of the organization’s security status – both physical and non-physical. The aim of this audit is to expose any loopholes that cybercriminals may use to cause a cyberattack on your business. Majorly, security elements (PCI, SOC, HIPAA, GLBA) are assessed in detail through security scans to identify loopholes and deal with them accordingly.

At the moment, assessing the above-mentioned security elements will cost you, as indicated below:

  • PCI audit- $30,000 – $50,000
  • SOC audit- $30,000
  • HIPAA audit- $20,000 – $30,000
  • GLBA audit- $35,000 – $60,000

In that case, if you need to ramp up your cybersecurity structure, make sure to conduct an audit at least twice a year.

3. Penetration testing

As the name suggests, this test helps determine what cybercriminals can access and the extent of damage they can cause once that data is accessed. To get accurate results, the test simulates a real-world attack on your organization and exposes any and all security gaps. Once done, you are advised accordingly on how to seal these holes, thereby strengthening your security structure.

Penetration testing exists in two main categories:

  • External penetration– Works by simulating an attack on your organization by hackers from anywhere in the world.
  • Internal penetration– Works by simulating an attack from within your own network.

Subcategories include:

  • Application- This subcategory works by testing custom-developed web applications. One thing to note here is that most loopholes are created by weak code development.
  • Physical – Tests the physical access to data in your organization.
  • IoT – In this category, IoT devices are tested (emphasis made on custom OS distros).
  • Social Engineering- Here, a test is done on your employees to check for vulnerabilities in accessing your organization’s data.

Currently, the cost of running a penetration test stands in the $5,000-$20,000 range. Additionally, it is recommended that you conduct this service at least once a year.

4. Vulnerability scanning

A vulnerability scan is a regular check of your business environment to try and identify vulnerabilities and fix them. It is conducted quarterly and can be done in two ways:

  • External vulnerability– Here, the scan tests the security of the systems which are exposed to the internet space. For instance, firewalls and servers are all tested.
  • Internal Vulnerability- This method scans and tests any systems which are not exposed to the internet. For instance, workstations, servers and network infrastructure are all tested.

The current market price for vulnerability scanning ranges from $500- $3,000.

5. Risk assessment

As the name suggests, a risk assessment is aimed at evaluating risks to your IT systems and the extent of damage that may occur in the event that it happens. Risk assessments document threats and expose all system vulnerabilities.

For maximum efficiency, we advise you to conduct a risk assessment once annually. This translates to around $6,000 – $40,000, depending on the extent of the assessment in that year. 

6. Security Awareness Training and Phishing

Another way to improve your IT security structure is by training all your employees on the clients’ site. You can teach them using presentations that contain information on how to keep the organization’s data safe through good technology practices.

Phishing works by simulating and testing your employees at an individual level to try and identify who is likely or unlikely to click insecure links shared through email. Currently, a security awareness training will cost you anywhere from $1,000 – $2,000. On the other hand, phishing can cost you anywhere from $1,000 – $3,000 annually. If you need this service, some of the companies that offer it include KnowBe4 and SANS institute.

7. IT Forensics

In the event that you get attacked, IT forensics is done to determine how cybercriminals managed to get into and access your system. The procedure also identifies the type of data that was accessed. A report is then compiled with recommendations of how you can seal such loopholes and prevent any future incidences.

One thing to note is that this service is pretty expensive and can cost you up to $300 per hour. Therefore, completing the job can cost you an average of $20,000, with $8,000 being on the lower side and $75,000 being on the higher side. 

8. Security Policy Creation

This service assists businesses in creating a technology policy. For instance:

  • Cybersecurity
  • Acceptable use of technology at work
  • Business continuity plan

Typically, this service can cost you up to $6,000, inclusive of a template which costs around $3,000, and an interview with your staff which can cost $3,000 to customize it to your organization. If you have already set policies, it is advised that you review them at least once a year.

9. Vulnerability Remediation

One thing about all the services mentioned above is that once something has been identified, say a potential risk, many items need to be remediated. This includes:

  • Adding patches
  • Starting and stopping some services
  • Updating firmware

However, it is worth it that you know that most of the major security companies do not conduct the remediation of the affected items. Therefore, this task is left to your IT department or Managed Service Provider (MSP) to handle.

With that in mind, these services are charged by multiplying a rate by the number of hours taken to complete the task. Rates will vary. It is also important that the company conducting a security assessment is not the same one to conduct the remediation.

 

Key Takeaway

The IT security for your business matters a lot. Therefore, you are encouraged to take the necessary measures to strengthen your IT security structure to prevent access to critical data by outsiders. With that said, feel free to contact us if you have any questions or visit our website to learn more about our Lutz Tech services.

ABOUT THE AUTHOR

402.827.2304

skroeger@lutz.us

SCOTT KROEGER + LUTZ TECH SHAREHOLDER

Scott Kroeger is a Lutz Tech Shareholder with over 15 years of technology related experience. His primary responsibilities include overseeing the areas of managed technology services, custom software development, and creative services. In addition, he provides CIO level consulting to clients.

AREAS OF FOCUS
  • Sales and Operations
  • CIO Level Consulting
  • Managed Technology Services
  • Custom Software Development
  • Creative Services
  • Interface Design
  • Web Technologies
  • Systems Infrastructure
  • Databases
  • Programming
  • Application Integration
EDUCATIONAL BACKGROUND
  • BA in Computer Science, DePauw University, Greencastle, IN
  • Institute of European Studies, Freiburg, Germany
COMMUNITY SERVICE
  • Omaha Children’s Museum, Past Board Member

SIGN UP FOR OUR NEWSLETTERS!

We tap into the vast knowledge and experience within our organization to provide you with monthly content on topics and ideas that drive and challenge your company every day.

About UsOur Team | Events | Careers | Locations

Toll-Free: 866.577.0780Privacy Policy | All Content © Lutz & Company, PC 2021