Our Specialties Include:
FAQ about Security and SCWOA
Who would ever attack us? We are to small \ have nothing of value.
Our IT person told us we were secure; we have a firewall. Is this correct?
Do you hire hackers?
Why should we have a security audit?
After the audit, will you force us to make changes?
What are the most common items you find on the audit?
What are the most common excuses you hear for Poor Security?
What is your goal with these IT Audits?
How often do you perform security audits for a company?
What does SCWOA stand for?
How do we get started?
Who would ever attack us? We are to small \ have nothing of value.
- Your payroll department has Social Security numbers, birthdays, and home addresses. An estimated 8.4 million people had their identity stolen in the USA last year.
- Accounting has bank information, your vendors and your customer's names and addresses, and possibly credit card numbers
- Sales has all of your customer contact information.
- E-commerce websites have credit card information.
- If you develop software, you have source code that should be protected.
- Small companies are an easy target for hackers. Small companies cannot afford a full time security person, and frequently, no one is paying any attention to security.
Our IT person told us we were secure; we have a firewall. Is this correct?
- Just having a firewall these days no longer implies that you are secure. There are other entry points, such as Wireless Access Points, Trojan horses, viruses, spyware and keystroke loggers. Even tools like Logmein and GotomyPC need to be monitored as they allow remote access to data.
- If you allow remote access, how are your users home networks safe?
Do you hire hackers?
- We are an IT Security firm that does not believe in hiring hackers. Would you hire someone convicted of embezzling and put them in charge of your accounting system?
- All of our employees have a minimum of a background check completed on them. Our consultants have a number of industry certifications, including CISSP, CISM, CISA, among others. Some consultants have Top Secret Clearance.
Why should we have a security audit?
- To find out what you have today and find areas that need improvement before your data is stolen.
- To ensure your current security systems are working as you think they are.
- To satisfy regulatory requirements, such as Sarbanes-Oxley, HIPAA, PCI.
After the audit, will you force us to make changes?
- We will work with your IT Staff to implement the changes needed.
- We encourage you to follow your change control procedures and processes for all items.
- You are under no obligation to make any recommended changes.
- If you do decide to make changes, you are free to use any other firm of your choice to conduct changes if you so choose.
What are the most common items you find on the audit?
- Passwords are not changed on a regular basis.
- Software updates have not been applied over long periods.
- Firewall rules are very poorly configured or not configured at all. Some rules do not block anything.
- When people leave the company, the accounts are not disabled.
- Security systems that are put in place to not work they way they were intended to.
- IT passwords are not changed at all.
What are the most common excuses you hear for Poor Security?
- We have always done it this way.
- Company X does it this way, therefore it must be ok.
- We don't use that system, it is just a test system.
- If we make that change, everything will break.
- No one would ever break in like that!
- Our former employees would not attack our systems.
- Microsoft Windows cannot be secured.
What is your goal with these IT Audits?
- Our goal is to work with the IT Department to improve securit so you can conduct your business.
How often do you perform security audits for a company?
- At least annually. Given that the security environment changes quite frequently, we prefer every 3 or 6 months.
What does SCWOA stand for?
- Security Consulting Wizards of America. Pronounced - SCO WA
How do we get started?
- Call us today!