AICPA identified a list of benefits of cyber security penetration testing that is consistent with Barnes Dennig's growth in data security services. Barnes Dennig offers cyber security services for businesses throughout Ohio, Kentucky and Indiana. Our clients appreciate that we have trained cyber security experts available to meet their growing needs. We wholeheartedly agree with the AICPA that the benefits listed below are valuable in the ongoing work of keeping us all safe, secure and in compliance with industry requirements.
Recent results of this work included increased efficiency with email server processing and improved physical security. How can physical security benefit from a cyber security test? As explained by David Hornsby, Data Security Specialist:
“During one recent network vulnerability test, we discovered that a business’s security cameras were accessible online and the ID and password had not been changed from the default settings. A smart bad guy could identify the cameras, log in and turn them off. Needless to say, our client changed the default passwords as a result of our project.”
Every project has unique outcomes, but we agree with the AICPA that these benefits are increasingly valuable for everyone. Ten years ago it may have only been public companies and banks doing this testing. Now it can be applicable for any organization.
Below are seven benefits of cybersecurity penetration testing:
1. It is adaptable for your particular organization. Testing can suit your unique needs, from external and internal-facing networks to web and mobile applications, wireless systems or a combination of these.
2. It identifies threats with several techniques. Assessments can employ a variety of methods to identify threats, including social engineering, which uncovers how sensitive information could be obtained through email phishing attempts or phone calls.
3. It helps satisfy compliance requirements. Regulations that need to be followed include the Payment Card Industry (PCI) Data Security Standard and the Health Insurance Portability and Accountability Act (HIPAA). Keep in mind that the HIPAA Privacy Rule may apply to practitioners in public practice with clients in the medical field. For more information on this, read this blog post.
4. It meets mandatory testing requirements. In some cases, penetration testing is mandatory. While it is always recommended, it is a required annual activity for any entity that transmits, processes or stores one million or more credit card transactions with any one card brand annually, that has experienced a recent PCI data breach, or that has otherwise been asked to test by a credit card processor or bank.
5. It protects stored credit card data. Testing is also required if an entity stores credit card data in any manner, uses certain kinds of desktop or online payment processing methods, or acts as a PCI service provider to a third party.
6. It keeps sensitive personal information safe. It can be used to help protect personally identifiable information (PII), such as donor and staff information. It can also help higher education institutions comply with the Family Educational Rights and Privacy Act (FERPA) and identify vulnerabilities that may expose sensitive student information.
7. It reports critical information. The reports generated should be written to meet the needs of an IT department, management, internal and external auditors, and examiners. They should clearly define the scope of the testing, the methodology used and the results, and make recommendations to address any findings. The reports should also be subject to a rigorous quality assurance process to ensure accuracy and completeness.