6 Network Penetration Testing Tips for Los Angeles CPAs

Craig Pollack | Jul 13, 2015

6 Network Penetration Testing Tips for Los Angeles CPAsA skilled penetration testing expert can detect slightest cracks in your Los Angeles CPA firm’s technology infrastructure. Conducting penetration tests on your firewalls, hardware, and Wi-Fi might help you sleep better at night.

Here are six ideas to ensure your penetration testing efforts hit the mark.

1. It’s Not One and Done

If you have completed your first network penetration test and carried out the necessary remediation steps, don’t hang up your testing boots just yet. Know that hackers rarely sleep, malware is constantly evolving, and zero-day viruses happen all the time.

You should test on a regular basis and keep ahead of the curve. Taking the security of your systems for granted is not the most responsible thing to do.

2. Test in Many Colors and Shades

There are a few different kinds of penetration tests. With white-box testing, the ethical hacker knows the network and security devices in place. Black-box testing is a realistic exam scenario, where the tester is “flying blind” into the network.

With grey-box penetration testing, the tester has an idea of the network through schematics, or as an insider, has some knowledge of the security posture of the network. And finally there are red team and blue team “attack” simulations. Red is the most aggressive testing simulation, attacking every network endpoint and potential vulnerability.

3. Vulnerability Scanning

Running vulnerability scanning tests at the same time as your scheduled network security gap assessments increases your understanding of the potential scope of the damage which could occur if a real attack were to take place on your systems.

4. Swing for the Fences

Go in aggressively with your red team while scanning for vulnerabilities with a network scanning application. You’re not looking to blow up your network, but it’s better you are the team testing your security posture to find systems you need to fortify.

5. Test Something like the Real Thing

If you can’t afford a virtual hardware or physical hardware test bed to do your penetration testing on, you can remediate on your production environment.

You can be more aggressive with your test environment without fear of data loss or the need to back up and recover your data before and after each test. If you hear of an emerging threat, you can get a test going immediately without fear of any productivity slowdowns for your employees or clients.

6. Goals, Trends, and Thinking like an Insider

With each round of testing, have a particular goal in mind, such as a specific application, server or endpoint. As you find vulnerabilities and remediate them, keep running reports on the severity and nature of the vulnerabilities you need to address.

If there are operational areas of your business, the severity of vulnerabilities, or other patterns that might be emerging, deliver the reports to someone who can take action.

Many hacking events are done by employees or former employees of a company. Once an employee with the mentality and the motivation of a hacker gets the lay of the land of an organization’s security system and the understands the value of the data, opportunistic hackers try to steal data and make it seem like an external threat.

Penetration testing costs money. Not having these tests done can cost your organization:

  • Even more money
  • Your reputation
  • Productivity
  • Your credibility

Follow these tips to protect your Los Angeles CPA practice and advise your clients to do the same.

 

Have you found any cracks in your technology infrastructure with penetration testing? Tell us about it in the Comments section below.

 

To follow through on the tips introduced in this article, be sure to download our free guide, 12 Ways for CPA Firms in LA to Utilize Technology More Efficiently.

 

Free Download: 12 Ways for CPA Firms in LA to Utilize Technology More Efficiently

Author

Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.

Comments