How do you know what you don’t know about your IT assets?

Most business executives who come to me for help don’t have a good understanding of how their networks are configured, or who inside – and external to — the organization has access to what information and programs. In fact, while most of these executives are well aware of the possibility of EXTERNAL threats from viruses, malware, phishing scams and the like, they don’t even think twice about the very real access their employees have, and the damage that they could potentially inflict on the company – whether planned or through simple ignorance.

Your IT administrator holds the IT access keys to your company that are as precious – or more so – than the financial keys held by whoever handles the company banking and payroll. When you think about all of the sensitive information that is stored on your servers and individual computers – including company financial data, customer records, employee personnel information, business and personal email correspondence – it’s all there for the taking, all there to be manipulated, stolen or destroyed.

It’s not just a matter of whether or not you trust your current IT administrator. Even well-intentioned and honest IT pros make mistakes and can inadvertently leave the door open for others to gain access to information that you don’t want them to see or have. Just as you have specific procedures, controls, regular checks and reports on your company’s financial position and systems, you should be asking for and receiving the same for your IT position and systems.

That’s why we recommend that every business that has a network, no matter how small or simple, regularly run a simple network assessment scan – at least on a quarterly basis. You should have your assessment performed by a qualified network technician who will be able to analyze the results and quickly cure any deficiencies, vulnerabilities and improper network settings.

How frequently you do you think network assessments should be performed, and who do you think should do them – internal staff or independent third parties?