How to Test Your Company’s Cyber-Security


You might think your company’s cyber-security is airtight, but have you ever tested it? Many organizations are willing to pay thousands for software that they never test against, assuming that it’s always the best. Even if their security software can’t be beat, a careless employee can click on a bad email and bring it all to the ground. The solution is to constantly audit your firewall and test to make sure your security channels can handle the stress. Here are a few ways to start.

clip_image001Image via Flickr by GotCredit

Manually Spot-Check Employees

Employee error accounts for 30 percent of all security breaches, more than any other cause. The most common way for this to occur is through phishing emails. An attacker pretends to be the CEO or human resources officer and asks the employee to send over personal information. Once the third party has access, the rest of the company is up for grabs.

Many companies avoid this by sending random test emails to a handful of employees each month. The email will contain poor spelling and grammar, come from a strange address, and include suspicious links. Employees that click on them are redirected to a landing page about preventing cyber-security breaches. If you can reduce human error, your security is better than you think.

Run a Stress Test Before High-Traffic Days

If you’re going to run a stress test on your security systems, keep the time of year in mind. Retailers will want to run these long audits before Cyber Monday, with enough time to patch any holes. Likewise, tax companies should run their audits in September, so they can make major necessary changes before the spring.

It’s important to know exactly what your site can handle before these big days so you’ll know its limits during the high-traffic season. Hackers are seasonal too, and will look for retailers’ weak spots during the holidays before launching a tax-refund scam in March. Failing to prepare beforehand can cost your company millions.

Consider Hiring an Outside Source

If you don’t have the tools to test internally, consider hiring a third-party source to audit your cloud security. Many companies measure all of your channels and look for security weaknesses that hackers can take advantage of. At the end of the audit, you will receive an overall grade for your company, along with a list of ways it needs to improve.

The benefit of hiring a third party instead of an internal audit is knowledge. Your company will be compared to others in your industry (or other companies of comparable size) to provide context on how good your security system really is. You might think you’re the best, but you could be trailing far behind others.

Remember, it’s OK to find weaknesses in your audit; that’s the whole point. Very few companies walk away with a perfect grade, even if the only issue is employee education. As long as you take the steps to strengthen your security, your initial grade doesn’t matter. Many companies run audits at the same time every year for this exact reason: It’s more important to show progress in your security than hide your weaknesses.