If you are anything like me, you may not like going to the doctor even for just a routine checkup. It’s nothing against doctors, it’s just that in most cases if you are seeing the doctor something is probably wrong. Something hurts, something doesn’t feel right, something doesn’t look right, and so on. But hopefully, even if you don’t like going to the doctor, you do stop in at least once per year for a wellness checkup.
A wellness checkup is defined as preventative healthcare that focuses on maintaining wellness and stopping health problems before they occur. Instead of waiting until you have a health issue, you visit your physician to make sure that you’re still in good health or to catch problems in the early stages.
Wouldn’t it be great in this day and age of computer viruses if we had an annual wellness visit for our businesses? You can probably guess what I’m about to tell you… yup, that’s right, we do. We don’t call it an annual wellness check for business technology, but that would probably be a great name for it. Instead, we call it a Risk and Vulnerability Assessment, or RVA for short.
The RVA compiles information from a security risk assessment with a vulnerability snapshot to explore the potential weaknesses of the organization and to help prescribe a course of action to ensure the best possible overall system health and security. Things change in our business systems just like in our human bodies. As equipment and software age, new vulnerabilities arise, and as we make changes to the systems to facilitate new functionality, we expose ourselves to additional risk. The RVA is focused on regularly checking for these new risks and vulnerabilities and providing a plan of action to reduce the likelihood or impact of these risks.
A risk assessment is generally based on a well-defined and accepted framework such as the NIST Cybersecurity Framework (CSF) or Center for Internet Security Critical Controls v8 (CISv8). For regulated organizations, there will be a required framework such as HIPAA, PCI DSS, CMMC, DFARS, etc. Whether the organization is regulated or non-regulated, an annual risk assessment will help ensure the organization has a plan of action for continual improvement of the overall security posture.
Combining this risk analysis with a vulnerability assessment will help identify immediate vulnerabilities that could be exploited and provide details about the current system health. It is recommended that vulnerability scans be performed regularly to catch new and emerging challenges.
To get an annual wellness check for your business, contact us to set up a Risk and Vulnerability Assessment. We promise it’s quick and painless, and it will provide you with great information to verify you are in good health, or at least catch problems in the early stages so something can be done about them before they become bigger problems.