Testing Your Data's Penetrability

**This is a guest post by Dan Coppen, IT professional and webmaster for a dozen IT related websites. His current projects involve printer management solutions for virtualized enterprise network and deploying a universal printer driver for a network with both UNIX and WIN users.

Would you turn your network over to a professional hacker and see if he could break through your security barriers? Most businesses aren't that confident-in fact, many business owners know their networks aren't 100 percent secure, that the right hacker could find a hole in the fortress.

The largest single reason for this is money; in today's economy, it's easy enough to do "basic" network security and call it a day. You buy a firewall, and that's it. Additionally, many IT departments have been reduced to just a handful of people (sometimes even less), and layoffs have created a situation where fewer people have to do more jobs.

So, not having the money to pour into IT security, combined with being short staffed, can lead to a perfect situation for hackers.

Even if your company is experiencing these issues, there are things you can do to make sure your business is protected:

1. Test you data's penetrability--with the staff you have. If there is any downtime or a slow period, have your IT staff spend their time checking the network for possible holes. If everyone knows this is the default job in downtimes, you should be able to find out pretty quickly where any potential weaknesses in the network may be. You don't need to hire an outside firm to test for data penetrability if your own people make it a priority to test when they have a few free moments here and there.

2. Make sure employees understand and follow your IT user policy. Many times, visits to questionable Web sites invite trouble in the form of viruses and unintended entry ways for hackers. Make sure employees know that social media, pornography and other iffy Web sites are a big "no" at work.

3. Invest in IT education. Even if your budget has been restricted, and you don't have funding to pay for expensive training, you should still make it a priority to educate your IT staff on the latest backup, data recovery, and yes, penetrability, methods. Putting the right tools in your IT staff's hands makes the difference between whether they're able to spot the new potential threats to your business network or not.

4. Engage an outside IT consulting firm from time to time. Even if you have your own IT staff, consult with an outside firm from time to time to benefit from other professionals' advice on IT best practices. This isn't saying your own IT staff is incompetent; rather, it's giving them a chance to work with other industry professionals to see what the latest and greatest is in IT best practices. Position the consulting as a learning opportunity to your IT folks, rather than a big brother move to double check or second guess them.