
Security + Pen Testing = Peace of Mind

Posted: Nov 18, 2020 | Author: Michael Salyer, CISA, CND, CEH, ECSA, IT Consultant, Cornerstone Resources

How do you achieve peace of mind for your business? In today’s climate, the bad actors are not easing up on cybercrime. On the contrary, during the COVID-19 pandemic, cybercrime has increased dramatically. Phishing attempts are especially on the rise as more and more employees are working remotely. Add escalated cybercrime and remote workers together, and you have a dual threat to business networks that can shake the very foundation of your peace of mind.  

Employers must ensure that their business networks are secure and that their remote employees are using sound security practices. A great way to be certain you've achieved the highest levels of security for both is through penetration testing.

Why Penetration Testing? 

Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit. For a financial institution, identifying security weaknesses is a critical objective of penetration testing.

Penetration testing is not only a compliance requirement, but it’s also extremely important for the overall security of a financial institution. Moreover, small home penetration tests can be just as important. Scanning and probing a home user’s IP address will give a quick indicator of whether their home network is secure enough for remote work. 

Penetration testing can also be used to test an organization's security policy, its adherence to compliance requirements, its employees' security awareness, and the organization's ability to identify and respond to security incidents.  

The Penetration Testing Process 

Penetration testing can be automated with software applications or performed manually by certified ethical hackers. Either way, the process involves gathering information about the target before the test, identifying possible entry points, attempting to break in, and reporting on the findings.  

Typically, the information about security weaknesses that are identified or exploited through pen testing is aggregated and provided to the organization's IT and network system managers, which enables them to make strategic decisions about their security and prioritize remediation efforts.

Mitigating the Weakest Link 

No amount of technology can protect a business if the weakest link in its security chain can be exploited. Your weakest link is frequently going to be your employees—not through malicious intent or efforts, but through lack of awareness and training. Phishing training, awareness, and testing are essential for achieving a secure network posture. Periodic controlled phishing campaigns that target your employees on company premises and remotely will help them learn how to stay alert for threats.  

Cornerstone Resources Expertise 

Due to the often-prohibitive cost of penetration testing, many credit unions have forgone the vital step of penetration testing in their security practices, and therefore peace of mind regarding the organization’s security has been elusive. But now Cornerstone Resources can be a reliable partner in this endeavor. We’ve brought penetration testing in-house to serve credit unions. Members of Cornerstone’s Information Security and Risk Management Consulting group are certified in both ethical hacking and network penetration and can supply cost-efficient testing at home and work, as well as targeted phishing campaigns to measure your overall security posture.  

Contact Cornerstone Resources to learn more about our penetration testing services and how you can secure peace of mind for your credit union.  

Michael Salyer, CISA, CND, CEH, ECSA, is an IT consultant in the financial and technology resources division of Cornerstone Resources. Salyer services credit unions ranging from $2 million to $2 billion in assets. He specializes in physical, administrative, and cybersecurity consulting and addresses compliance elements of NCUA Regulation Part 748 Appendix A and B, penetration testing, phishing campaigns, IT audits, network vulnerability testing, ATM Safety, and other IT, security, and compliance-related issues. In 2020, he gained his ethical hacking certification and certified security analyst credentials. 
