How Security Testing Reveals Flaws for Los Angeles Distributors

Henry Ngo | Sep 28, 2015

Picture this. You walk casually through the main office of your Los Angeles distribution company to do a little impromptu security testing.

Business seems to be humming along. Over to the side, a customer sales agreement is printing. Nobody is there to pick up the print-out right now, but that’s perhaps because they’re busy on the phone.

A few PCs showing internal stock database screens are unattended: an urgent team meeting perhaps?

You ask someone else if you can just check a detail in accounting, using her login and password. She obliges.

You go to the IT room. An employee you haven’t met before kindly holds the door open, so you don’t have to dig out your security pass card. He seems friendly and you strike up a conversation, telling each other about your Facebook accounts, what your dog is called, and so on.

How many security weaknesses have we just described? Here’s a hint: if your answer is fewer than five, then you’re already missing a hole in your company security!

Why We Don’t See Security Holes that Are Under Our Noses

The scenario above is all too common. Between sales quotas that need to be reached, vendors pushing for results, resellers clamoring for deliveries, shipments going out the door, and those support questions to boot, there isn’t always a lot of time left for security.

We simply get lackadaisical until computer hackers, thieves, or irate customers give us a painful reality check.

IT Systems in the Security Spotlight

Security testing often refers specifically to computers, software applications, and digital data storage. Indeed, more and more distribution activities are driven by IT, and IT systems can hold all sorts of confidential information.

Reseller account information, contracts, end-customer data, and bank account details are just a few examples. Without protection, data may be corrupted, copied without authorization, or stolen. However, physical stock protection, site access control, and employee awareness are all important aspects of security as well.

Testing to Get Around Security Blind Spots

The best person to see the security holes in your own organization is somebody else. For IT security in particular, that “somebody else” can be:

  • An IT tool that methodically checks for common vulnerabilities. Applications to do this can be run routinely, frequently, and automatically to keep first-level defenses active and effective.
  • An expert who doesn’t have your blind spots, and who knows the devious tricks hackers use to penetrate IT systems. This may be a competent external service provider offering this specific service, which can protect your systems against other attacks too.

Bringing Security Flaws to Your Attention

Some flaws may be very technical in nature. An IT tool may indicate the presence of viruses, Trojans, and other malware. A security test report may list holes relating to SQL injection, cross-site scripting or other strange-sounding names.

But don’t accept mumbo-jumbo! A competent tester will be able to give you a simple, practical explanation of the weakness and what it means in business terms. Making the connection with the real world is important because hackers also get into systems in simple ways, like just asking someone for a password instead of trying to crack it with hacking software.

It’s also a reminder that security testing isn’t only about IT systems, but also about your office, warehouse, and distribution company in general.

 


Author

Henry Ngo

In addition to his day-to-day NOC duties, Henry is one of FPA's bloggers and develops value-based blog content, sharing his technical expertise with our clients and friends. Henry addresses topical issues in real and meaningful ways, communicating technical concepts in an easily digestible way.
