Penetration Testing (also called Pen Testing or Ethical Hacking) is a process in which an authorized tester attempts to break into your network and systems the way a real attacker would, in order to identify vulnerabilities that could open your company up to a data breach.
It is an audit that provides a point-in-time analysis, along with a report on the security gaps found and recommendations for mitigating those vulnerabilities. Because the findings are a snapshot, they only describe your exposure as of the test date; changes to systems, software or configurations afterwards can introduce new gaps.
Although Pen Testing is optional for most businesses (though highly recommended), companies in some industries are required to conduct it regularly, for example to maintain PCI DSS compliance or to meet HIPAA security requirements.
How it works
Just as you wouldn’t conduct your own financial or tax audit, your Pen Testing should be performed by an independent third party rather than by your internal technology team or your external IT provider. Here are some of the actions that may be included in an active, authorized attack on your company’s technology:
- Use of network scanning tools
- Attempts to hack into the network and install software that monitors network activity
- Efforts to hack into the network and exfiltrate data
- Posing as a repair tech who is let onto the premises, logs onto the network and copies data onto a USB drive (a social engineering and physical security test)
Of course, Pen Testing must be authorized in advance by senior leadership, with the scope, timing and rules of engagement agreed in writing. This matters both because the same actions without permission would be an unauthorized intrusion, and so that the few people who know about the test can confirm the activity is sanctioned if someone discovers the hacking efforts while they are in progress, rather than triggering a real incident response.
Regardless of which Penetration Testing approach your business takes, the most important thing you can do is implement the report’s recommendations to mitigate the vulnerabilities found, and then verify that the fixes worked, typically through a retest. Knowledge without action leaves your network and company open to a cyberattack.
Source: Written by Don Dawson, President