What’s Your Testing Frequency?

As a cybersecurity provider, you know the importance of setting your customers up with top-notch training, services, and technology products to protect against modern threats and improve cybersecurity posture.

But it can be tough to know what to evaluate – and when. So just how often should you be testing your customers’ network, systems, and people?

 

Cybersecurity is a Posture, Not a Project

One of the biggest mistakes providers make today is irregularity with their cybersecurity program. Running an occasional test, training session, or assessment only once per year—or less—just doesn’t cut it. Just like your health, it’s critical to practice good habits and improve cyber hygiene with regularity. To ensure optimum protection, consider an ongoing cadence, such as:

  • Monthly

    • Test employees with Phishing Simulations to be sure they won’t click a real phishing attack. Phishing simulations also help to see training progress and keep employees on the lookout and on their toes.

    • Run a Website Scan to be sure your customer’s public-facing website hasn’t fallen victim to malware, hacking, and vulnerabilities. Website issues develop and change quickly and should be mitigated just as fast.

  • Quarterly

    • Run a Vulnerability Scan to efficiently check for common vulnerabilities and gaps in your customer’s network. A quarterly scan complements other tools to be sure high-priority issues don’t slip through the cracks.

  • Semi-Annually

    • Perform a Cybersecurity Health Checkup, or overall assessment, at least every six months. A regular assessment also tracks your customer’s score over time and provides action steps for continuous improvement.

  • Yearly

    • Administer Ethical Hacking, a manual and exhaustive penetration test that uses professional software, manual hacking, social engineering, and more to build a full report of your customer’s weaknesses.

 

Setting Next Steps

Regular testing allows you (and your customers) to track progress, notice patterns, and address issues quickly before they can pose a serious threat.

Next steps will vary by service and organization, so work with your customers to form a plan for remediation and improvement. For example, if employees are frequently slipping up on phishing simulations, it may indicate that additional education is needed on an individual or company-wide basis. Or if a vulnerability scan records out-of-date software two tests in a row, it might be time to consider an updated patching strategy.

 

Customizing Your Schedule

Keep in mind that, while this testing cadence is a great place to start, you may need to customize it. Develop a schedule with your customers that’s right for their size, company type, budget, and compliance needs.

Additionally, whenever there is a significant change to your customer’s network, software, systems, or even employees, you should consider retesting. Be sure keep your finger on the pulse of any changes that might impact security.

 

In the end, the most important part is keeping up with a regular, ongoing cadence. After all, cybersecurity isn’t something you can do just once.

 

Stay Safe,

Your Friends @ Defendify