The online security audit analyzes how workers utilize the company's and their equipment' from computers and laptops to USB drives and smartphones, and what procedures are in force for the unauthorized access of company and personal hardware, as well as security usage management. It is also important to know how much money is spent on internet usage by employees. Other factors to examine include training and support resources, such as training resources and software licenses. Security vendors may also be analyzed, such as Intrusion Detection System vendors and Firewalls. Finally, software vendors and supporting hardware components should all be examined, as they can affect an organization's security posture.
Before any of these elements can be considered for inclusion in a company's online security audit, the first five doors are opened. These are the most obvious: computer programs and software, internet usage monitoring and reporting, network usage and software, and company data. While each of these can be examined in isolation, thorough and complete understanding must be possible for each to be understood and used in the context of the others. The internet crime and security industry are vast and the landscape is constantly shifting, so it is important to stay ahead of emerging threats.
Among the primary areas of consideration during an online security audit our processes for controlling access, determining who has access, and defining policies and procedures. The first item to look at is who has access. Who has access to sensitive company data? This question is especially important if sensitive data is being remotely accessed (which is increasingly likely), or if workstations are located in multiple geographic locations, with employees using cellular telephones to access workstations and internet data, which are commonly done online. Control of who has access to the internet is referred to as "restrictive control," and is the first item in a 30-day online security audit plan.
Another area of consideration is what types of activities are typically carried out online. For instance, are there threats to physical assets, such as cash, intellectual property, or manufacturing and production tools? Depending on the nature of the cyber-crime, the focus of a cyber-crime and security audit will vary considerably.
Some examples of more generic threats include DDoS (directed online attacks) and malware, which spread through compromised networks and servers. An example of a malware attack could be spreading malware from a USB stick to a laptop or other computer. In a DDoS, a group of people may send spam email to large numbers of people in order to send a large number of bogus messages. A DDoS is a serious problem because it destroys the credibility of the company in question and spreads malware and other viruses throughout the network. In a social networking attack, an attacker could create or establish accounts on popular social networking sites, leaving digital trails that lead back to them and to the company. A good online security audit should consider these examples in their assessment of the internal environment of a company.
In addition to the more generic threats, there are specific threats to employees, customers, and business operations. The most dangerous form of cyber-crime is malware that spreads through employee networks. Many employees conduct business online, exposing companies to cyber-criminals who may be waiting to infiltrate organizations and stealing confidential information. An easy way to protect against this is to implement internal anti-virus software, which can detect malware and block it before it spreads. However, if the anti-virus software is not implemented correctly, the protection afforded to employees is severely limited.
Another threat to a company is exploited instant messaging logs. An online security audit must take a look at the logs created by instant messaging for clues to illicit activity. An easy way to determine which messages may be suspicious is to look for patterns. If the same message appears multiple times or appears with a different recipient, the message is probably being sent by a cyber-criminals. This type of threat is also commonly known as "banging". If the language used in instant messaging is different from that of normal text chats, it may indicate a different crime.
Online security companies also experience a variety of threats from inside the industry, such as spam chat, scam websites, and hacker attacks. While an online security audit will not be able to prevent all these attacks, it can help identify and reduce threats to network and data security. Some of the more common ways that threats are delivered include phishing emails, malicious websites, spoofed email attachments, and compromised or infected instant messaging logs. These are just a few of the many ways that malicious cyber-criminals can infiltrate your network.
