What is a penetration test and does my business need one?

A penetration test, often referred to as a “pentest”, is a simulated cyber attack on a computer system. Think of it as a “safe attack”: carried out by technology professionals, but using tools and techniques similar to those a hacker might use.

Penetration tests are performed to evaluate the security of a system. They identify any vulnerabilities, including the potential for unauthorised parties to gain access to the organisation’s system and data. Any security issues that the pentest uncovers will then be reported to the business owners, so that steps can be taken to rectify the position.

I have IT security solutions in place – why would my business need a penetration test?

For your own peace of mind – to identify any gaps which may put your business at risk. If a hacker were to get into your system, data could be lost and you could even be put in a position where the business couldn’t continue to operate. As well as looking at computers, servers and so on, penetration tests look across your whole environment and might identify aspects that you don’t automatically think of as “IT”, such as:

  • The security of your website
  • Devices that use the Internet autonomously, like coffee machines, franking machines and meeting room TV screens, which could be harbouring security vulnerabilities
  • Whether your printers/photocopiers and their software might present a weakness

To avoid regulatory fines and/or reputational risks.

  • If your data is compromised, the Information Commissioner’s Office has the power to impose hefty fines which could be financially crippling.
  • Any publicity about a data breach is likely to lose you customers.

To meet the requirements of third parties.

  • Some customers or regulatory bodies may require you to meet minimum security standards and might ask you to confirm that penetration testing is taking place.
  • Similarly, insurance companies often send a security questionnaire – including questions about pentesting – as a prerequisite to providing cover.
  • If your business accepts credit card payments, there are Payment Card Industry data security standards that you need to comply with, and again you’re likely to be asked about penetration testing.

Pentests and the smaller business

Until fairly recently, although penetration testing could be carried out for small and medium-sized businesses, the cost made this prohibitive for most. However, newer solutions have now been launched which are significantly more affordable, and which are flexible enough to let you choose between:

  • A one-off test to assess the current state of your network
  • Annual testing to help you ensure that any remedial steps remain effective
  • More frequent tests if you (or an interested third party) require more regular assessments
