How Often Should Small Business Cyber Security Be Checked?

Cyber Security for Small Business 2019

How often should small business cyber security be checked?  

  • At a minimum, most small businesses should be checking it annually. 
  • If your company has compliance requirements, it should be checked quarterly or even more frequently. 
  • If your infrastructure or software changes frequently, is complicated, or if you are a popular target for an attack, like an online retailer, checks should be run monthly. 
  • If you use a managed service provider (MSP) like Intrust IT, then your IT support provider should be performing the tests for you. We recommend you check that they are following best practices and ask for reports. 

Best Practices for Small Businesses

Even if you work with an IT managed service provider (MSP), don’t just assume that the provider is running the security check at the right frequency. You should receive reports to show what was scanned, any issues that were discovered and what was done to resolve those issues. 

Your IT managed service provider should also meet with you on a regular basis. In those meetings, your account manager should inform you about what security improvements are being made and why. Sadly, we’ve met many companies who thought this was being done but found out later that it was not.

How Do You Test Small Businesses Cyber Security?

A security assessment looks at all aspects of the company’s cyber security and uses automated tools to check for things like insecure open ports on a firewall, missing software patches, bad password policies, etc. 

Today’s security assessment tools are incredibly sophisticated and scan everything rapidly. Because the tools are automated, the costs have become more reasonable as well.

Once a security assessment has been done and all issues are resolved, a follow-up scan should be run. This follow-up scan will confirm all work required was completed correctly. 

After those vulnerabilities are corrected, the next biggest vulnerability to address is in your user population. The cyber security threat posed by users is mitigated with security training coupled with phish-testing. Only after all of this work is complete, then it may be advisable to consider spending money to have a penetration test conducted.

Do You Need Penetration Tests for Cyber Security Screening?

Many small businesses are told by unscrupulous providers that they may need a penetration test or pen-test performed for tens of thousands of dollars. A penetration cyber security test is rarely needed for most small businesses. Instead, internal and external vulnerability scans are the best place to start. 

A penetration test is where someone outside the organization finds a vulnerability in the company’s security. They then seek to exploit that vulnerability to gain access to internal systems and possibly even exfiltrate data. 

If you aren’t sure when your last security assessment was conducted, then you need to contact Intrust IT today and get it scheduled ASAP!

Tim Rettig | IT Support Cincinnati | Intrust IT

Tim Rettig

Tim Rettig, Intrust IT founder and serial entrepreneur, is a tech expert, educator and tireless advocate for employee ownership. His strategic work to build partnerships with clients has made Intrust into one of the fastest growing IT companies—scoring a spot on Inc. 5000’s list of Fastest Growing Private Companies for a total of four years.

Share this Blog

Enterprise Password Management Promo Wide

Is Your Name or Birthday a Part of Your Password?

If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.

Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.

Download the Guide

Explore the Latest Trends in IT

Securing Our Cities Cybersecurity Protection for Local Governments - Intrust IT

Securing Our Cities: Cybersecurity Protection for Local Governments

As a city or municipality manager, you understand that the security of your community extends far beyond physical borders. With...
Manufacturing and IoT Securing Connected Devices

Manufacturing and IoT: Securing Connected Devices

You're the operations manager of a cutting-edge manufacturing facility, overseeing a production floor buzzing with activity. Your team relies on...
Small Business Cyber Security Toolkit

Small Business Cyber Security Toolkit: The Tools You Need to Stay Protected

With great power comes great responsibility, especially when it comes to running a business and protecting your digital assets. As...

Business Continuity Plan Template for Municipalities

Municipalities are facing increasing cyber attacks.  With cybercrime rates soaring and municipalities ranking as prime targets, the need for robust...
Cybersecurity Strategies for Municipalities 8 Expert Tips - Intrust IT

Cybersecurity Strategies for Municipalities: 8 Expert Tips

Municipalities tasked with safeguarding sensitive data and critical infrastructure are increasingly the targets of cyberattacks. Municipalities often handle a vast...
Business Continuity Guide for City Managers - Intrust IT

Business Continuity Guide for City Officials

The resilience of a city's operations hinges on its ability to effectively weather unforeseen challenges. From natural disasters to cyber...