I developed the IT Security Scorecard to help SMBs gain insight into their security posture. Most SMBs don’t have the in-house experience to perform a security assessment. An MSP will charge thousands for an overly complicated assessment, when all that is required is a basic assessment to uncover common issues. The IT Security Scorecard addresses these problems by focusing on the areas that account for the most common security issues: data backup, software updates, network health, authentication, and end-user training.
The goal of this assessment is to give the business a plan of action for improving its overall IT security posture. The areas considered in this assessment cover the major security issues that face businesses today. The report will give the organization knowledge of the threat landscape and its level of exposure. It is designed to raise awareness of general technical and configuration weaknesses that could be exploited by a threat actor.
The following is a breakdown of the scoring:
Backups: Data backups are being made and kept separate, or a robust cloud system with versioning is in use
Network Health: Guest network is separate, networks are regularly scanned, firewall and IDS are monitored
Authentication: 2FA is in use, admin accounts are not being used for user tasks
Software Updates: Regular update schedule followed and patches applied
End User Training: Phishing and other training on a recurring basis