It’s okay, we get it. This article’s title isn’t very sexy, but it’s the best we could come up with. The un-shocking reality is that cyber security isn’t pretty, but it’s a necessity. Whilst powerful learning practices such as phishing tests and cyber awareness programs are designed to test your staff’s human resilience to cyber security threats, external vulnerability scans highlight technical weaknesses that, in some cases, are identified when it’s too late.
Internal vs External Vulnerability Scans
Let’s start from the top: internal and external vulnerability scans are conducted in a similar manner. External vulnerability scans look for holes in your network, such as open ports on your firewall, and are carried out from outside an organisation’s network. An internal vulnerability scan operates from inside your organisation’s firewall and identifies potential vulnerabilities from inside your network.
Internal and external vulnerability scans are both equally important, but since every cyber-attack on a network would originate from an external source, an external vulnerability scan would often be your first port of call when considering your risks. A light analogy to help explain this would be making sure your doors are locked when you leave the house (external), whilst making sure your valuables are hidden away (internal). The thief would first have to enter the house before he steals your underwear.
Depending on the nature of your business, there could be several regulatory requirements that you need to adhere to.
Internal and external network vulnerability scans are required at least quarterly and after any significant change in the network to satisfy current PCI DSS requirements (PCI Requirement).
When looking at the Cyber Essentials accreditations, an external vulnerability scan of your network is required for the standard certification, to check that your organisation has limited its exposure to common cyber-attacks. If you’re applying for your Cyber Essentials Plus accreditation, as well as the external scan, the certifying body will also undertake an internal assessment (vulnerability scan) of your IT assets such as your desktops, laptops and mobile devices.
Not observing the processes laid out by the certifying bodies and not demonstrating your commitment to cyber security could have knock-on consequences such as upsetting your customers in the event of a data breach, and also not being able to tender for new business, including some government contracts.
How Often Should We Do External Vulnerability Scans?
Officially, according to PCI Security Standards, scans should be carried out quarterly, but ideally, the more security-conscious organisations run scans far more frequently. Frequent scanning will make sure you’re one step ahead of any potential vulnerabilities and, by fixing them as soon as they appear, you will avoid a possible disaster.
External Vulnerability Scanning with MFG
MFG’s clients who participate in regular managed external vulnerability scans can rest easy and focus on the core of their business, knowing their network is being routinely scanned for new vulnerabilities. They receive detailed reports and remedial recommendations. Those with fully managed IT solutions also gain access to periodic, proactive cyber security reviews with our cyber security specialists.
Free External Vulnerability Scan
Free external vulnerability scan? Yes please! At MFG, we have a huge commitment to cyber security. We believe all companies need to train their employees to identify and prevent cyber threats – regardless of their resources or budgets. Since it’s National Cyber Awareness Month, our key objective is to help businesses raise awareness of cyber security threats and promote good cyber security processes.
Need more information on external vulnerability scanning or want to speak to one of our Cyber Security Specialists? Call 0118 914 8800 (opt 1) or email email@example.com.