Cybersecurity: do you need to invest in penetration testing?

According to digital security specialists Gemalto there were 945 major data breaches that exposed 4.5 billion records in the first half of 2018. That’s a staggering 291 individual bits of sensitive information stolen every second. Most of these breaches were identity theft and malicious outsiders successfully using phishing techniques to get hold of data.

Cybercriminals are getting cleverer and are developing ever more sophisticated ways of stealing data. They’ve managed to do just that to Facebook, Adidas and Morrisons, so if big companies like that can’t keep themselves safe, how can smaller ones hope to do so?

The truth is they can’t. No-one can. But there are ways you can make it much more difficult for cybercriminals to break in. And if you make it harder, criminals will move on to an easier target.

How can I make it harder?

You could try penetration testing. This is where you get an ‘ethical hacker’ to try and get into your systems. They basically copy what the bad guys do, so they can identify any potential weak spots. They do things like sending spam and phishing emails, using social engineering, and targeting websites and domain servers.

Security firewalls are also sometimes ‘attacked’, and pretend viruses are sent to mimic what a real virus would do in the real online world. They’ll also sometimes pose as employees or contractors and try and break in from the inside. Techniques include tailgating workers into buildings and distracting people, so they leave systems open when leaving their workstation.

A report is sent once everything’s been done with recommendations for improvement.

How often should I do penetration testing?

The minimum is once a year. If you move premises or install or upgrade any new soft or hardware, you should also do some testing. Some companies, particularly those involved with heavy regulation and compliance, might be required to do it more regularly by law.

Larger companies usually have more data that’s desirable to criminals, so they probably need to test more frequently than a smaller one. There’s no hard and fast rule though – test as often as you think you need to. If any areas have been identified where you need to do more, fix those and then test again.

This is bound to be expensive, isn’t it?

Penetration testing can be expensive, but it’s not as costly as a data breach. That could cost your reputation with customers as well as actual money, so it’s worth investing what you can afford to in it.

You can keep the costs down and help your data to stay safe by making sure there are no vulnerabilities in your business. Regularly educating staff on the importance of strong passwords, not downloading malware and keeping them up-to-date on security awareness all make you less likely to have a data breach.

It’s also important they know how to recognise a phishing email and how to report it. You can set up an email address to forward suspicious emails to and reward employees who regularly correctly identify email nasties.

Free software online

There’s lots of free or open source penetration testing software available online. The most popular ones are Nmap, Metasploit Project, Wireshark, and John the Ripper.

They all do different things, from cracking your password to looking for open ports on your system. Running one or two regularly can show you any flaws so you can address them before the hackers strike.

More From The Blog
  • Share the Love: Join Us for a Valentine’s Day Celebration at The Base, Warrington

    Read More

  • 2024 Marketing Predictions Every Business Should Know

    Read More

  • A Magical Night with the Warrington Youth Zone Christmas Production”

    Read More

  • Discover The Base: Modern Workspaces Designed for Success.

    Read More

  • Warrington’s Office Space Opportunities

    Read More


Dallam Lane

01925 909777

The Base Warrington © 2019. All right reserved.
Privacy Policy & Cookies
Terms & Conditions

Misrepresentation Act

The Agents for themselves and for the Sellor/Lessor of this property who agents they are give notice that: 1. These particulars do not constitute any part of an offer or a contract. 2. All statements contained in these particulars are made without responsibility on the part of the Agent(s) or the Seller/Lessor. 3. None of the statements contained in these particulars is to be relied upon as a statement or representation of fact. 4. Any intending Buyer or Tenant must satisfy himself by inspection or otherwise as to the correctness of each of the statements contained in these particulars. 5. The Seller/Landlord does not make or give and neither the Agent(s) nor any person in their employment has any authority to make or give any representation or warranty whatever in relation to this property.

*Prices quoted are per desk per month, subject to contract and do not apply to co-working space.

On behalf of