IT Security Audit
Ask Atomik.biz to perform an IT Security audit, and we check the cybersecurity level of your network and systems
Our security audit typically starts with security policy, software, and firmware versions on critical hardware, antivirus and data backups.
We test connectivity including wireless, firewall, and router security.
Our engineer checks Hardware fault tolerance, redundant power supplies, and uninterruptible power supplies if applicable.
We check Internet domains for ownership, settings, and control.
During an IT security audit, finding third-party remote access to systems is common, and often the company is unaware of this. Suppliers want to make their life as easy as possible and care more about their convenience than their customer’s security.
The most significant risk to security is human nature, and some users are very careless, which puts the company at risk. Typical examples of this are sharing passwords and even writing passwords on post-it notes and sticking them on screens.
Spending some time in the client’s office usually highlights problems and gives an idea of the attitude to security and the level of user training.
We ask lots of questions, and people often say “we meant to deal with that.”
We require access to relevant systems to complete this work thoroughly. Access will require logins and passwords to servers, routers, switches, wireless access points, and any other network devices.
Our completion report provides the customer with a list of weaknesses and recommended actions.
Our IT security audit report tells you how much work is required to attain Cyber Essentials or Cyber Essentials Plus accreditation.
We are happy to do any work to address weaknesses, or you can pass it to your IT provider for action.
COVID-19 Update
During the COVID-19 pandemic, many users who have previously been office-based are now working from home. While this solved an immediate problem it is a serious security risk. People are using non-compliant machines for business purposes.
Home computers often don’t have quality anti-virus protection and are used for recreational purposes. Some home machines are still running Windows 7 and many of the Windows 10 machines are not up to date. These machines risk introducing malware into company systems and breaching GDPR regulations. Using these machines will invalidate any existing Cybersecurity certification and might invalidate cybersecurity insurance.