
IT Security Audits


In the age of the paperless office, data is being increasingly stored electronically on desktops, servers or in the Cloud. Such data includes email correspondence with customers, vendors and business associates; sensitive client and business information; and promotional material posted on websites and social media portals.

While all these activities are the normal and vital part of doing business in the modern age, are we opening up our businesses (and our sensitive data) to high-tech criminals?

Cybercrime includes:
  • Hacking.
  • Theft of client information.
  • Theft of company intellectual property.
  • Money laundering.
  • Extortion.
  • Identity theft and fraud.

While consumers, Small to Medium Businesses (SMBs) and large enterprises are all at risk, it turns out that SMBs are becoming the cyber criminal’s “sweet spot”. Why? Larger businesses tend to have more robust security systems and processes that prevent most cybercriminal activity. Security for SMBs is usually not as robust, which is a serious point of concern. This means that SMBs are at high risk of data theft, network spamming and virus attacks. Further, cybercrime can happen from within the organisation: a large percentage of data breaches are perpetrated by staff, and these often go undetected.

Under current Australian Privacy Laws, most small to medium businesses that hold personal information must take reasonable steps to protect that information from (a) misuse, interference and loss; and (b) unauthorised access, modification or disclosure. Privacy considerations are also important when outsourcing to Cloud based services. The business needs to have appropriate policies, processes and tools in place to respond to any breaches of the law.

According to recent updates to the law (2017), companies and organisations must report any eligible data breaches or lost data to the Privacy Commissioner as soon as they become aware of the situation. Affected customers must also be notified by publishing a statement on the company website.

Penalties for breaches of the Australian Privacy Laws can result in fines of up to $360,000 for an individual and $1.8 million for a business.

How can I protect my business?

The first step is to do a security audit, which will identify some of the highest-risk vulnerabilities in your IT network. Fill in the DIY (Do It Yourself) 17 Point Basic IT Security Audit form below to make an assessment of IT security in your business. (This audit is aimed at small to medium size businesses.)

DIY 17 Point Basic IT Security Audit

As you can see in the Malware Trends graph below, in the past cybercriminals were focused on viruses, worms and spyware. These days they are focused on hacking businesses directly to obtain a source of payment.

For each vulnerability below, answer Yes, No or Don't Know:
  • Do you or your staff work remotely and connect via Remote Desktop (not through a VPN) or other remote access software (e.g. TeamViewer or LogMeIn)?
  • Do your computers require a password to log in, as well as a password to log back in after the screen saver is activated?
  • Do you have all your users in security groups for assigning permissions to file and folder access?
  • Are the passwords for all your computers and cloud services strong, with at least 8 characters, complex and changed at least every quarter?
  • Do you remove all old/unused/unnecessary user accounts from your server and cloud services?
  • Have the default admin passwords been changed on your routers, servers etc.?
  • Are there any open ports in your firewall?
  • Do you have a 2nd Generation firewall (rate-based filter)?
  • Is your wireless password strong (using WPA2 with random and complex characters)?
  • Do you have both an onsite and an offsite backup of your data?
  • Do you have a disaster recovery plan, and has it been simulated within the past 24 months?
  • Do you have snapshot backups from which you can revert to previous versions of a file?
  • Are you aware of the responsibilities of your cloud providers regarding backups, and do you have your own backup system for data you hold in the cloud?
  • Do you enforce 2 factor/2 step authentication for your cloud services such as email?
  • Do all your computers and servers have adequate Antivirus/Firewall protection (free antivirus is not recommended)?
  • Do you have a UPS (Uninterruptible Power Supply) on all critical servers, and can they auto shut down when the battery is low?
  • Do you perform yearly maintenance on computers, servers and other IT systems?

Security Audit Packages

Not surprisingly, 50% of SMBs do not consider cyber-attacks a serious threat to their companies because they believe they are too small to be targeted. The reality is that this is not the case at all.

A comprehensive Security Audit is a great way to determine vulnerabilities that may exist in your business. A security expert will visit your business and perform the audit of your choosing. All Audit Packages include an internet/network, backup and email audit. A report will then be provided to you with a recommended action plan.

Micro or cloud Business audit: $299
Audit for businesses that do not have a local server or NAS. Includes:
  • 1 * desktop computer audit
  • network audit
  • backup audit
  • additional computers are $19 per PC.

Network Attached Storage (NAS) Business audit: $399
Audit for businesses that have a NAS. Includes:
  • 1 * NAS audit
  • 1 * desktop computer audit
  • network audit
  • backup audit
  • additional computers are $19 per PC.

Windows/Mac Server business audit: $499
Audit for businesses that have Windows or Mac servers. Includes:
  • 1 * server audit
  • 1 * desktop computer audit
  • network audit
  • backup audit
  • additional computers are $19 per PC.

All packages come with the following additional checks:

Micro or cloud Business audit (desktop checks):
  • Patches/service packs
  • Antivirus
  • Firewall
  • Remote access
  • Limited privileges
  • Naming convention
  • Yearly maintenance
  • Password on computer when left for a few minutes
  • Mobile phone/tablet restrictions
  • Enforced password requirement on phone/tablet

Network Attached Storage (NAS) Business audit (NAS checks):
  • Restricted physical access to server
  • UPS
  • RAID
  • Latest firmware updates
  • Secure remote access via VPN or SSL
  • Unnecessary network services
  • Network Recycle bin
  • IP block for failed authorised attempts
  • Password restrictions
  • Global Groups for all classes of user privilege
  • Auditing policies for logon/logoff
  • Remove non-active accounts
  • Application access for users
  • Review administrator privilege accounts
  • ACLs on file system/user permissions

Windows/Mac Server business audit (server checks):
  • Restricted physical access to server
  • Disable external device booting
  • Password on CMOS/BIOS
  • Separate HDD for OS and data
  • RAID
  • UPS
  • Yearly maintenance
  • IP block for failed authorised attempts
  • Service packs
  • Post-service pack hotfixes
  • Secure domain with Group Policy
  • LAN Manager hash value
  • Remote access via VPN
  • 2 factor authorised for VPN
  • Account lockout after X number of failed attempts
  • Administrative passwords complex
  • Global Groups for all classes of user privilege
  • Account/Group Policies to restrict desktop
  • Password strength policy
  • Account lockout for failed authorised
  • Set logon hours
  • Auditing policies for logon/logoff
  • Remove non-active accounts
  • Review disabled accounts
  • Logon hours & Logon to
  • Auto expiry for temp accounts
  • Review administrator privilege accounts
  • Application server separation
  • Root drives not shared
Optional extras
  • 10 point security check on user devices (desktops, laptops, smartphones, tablets): $19 per user
  • 18 point security check for additional NAS: $49 per NAS
  • 26 point security check for additional Windows or Mac Server: $99 per server
  • 11 point security check on website: $79 per site
  • Test restoration of file from backup: $39
  • Disaster recovery simulation: requires quote