What is a network audit? And why is it necessary for your business?

In this article we consider what a network audit is and what makes it necessary for any business to undertake.

What is a network audit?

A network audit is a review of your business IT network. It looks at the network and IT infrastructure and its management protocols, permissions and policies as well as all the devices which connect to the network.

Why do companies undertake network audits?

The goal of a network audit is to understand the state, health and security of the network at a given point in time. The audit should be designed to identify any vulnerabilities or potential security risks that could be exploited by cybercriminals. The audit may also identify other areas where performance could be improved, such as speed, responsiveness and reliability.

By understanding the exposed vulnerabilities and risks, the business can take action to close vulnerabilities and mitigate risks, thereby making the company’s network more secure and strengthening the overall cybersecurity posture of the business.


What are the benefits of undertaking a network audit?

A network audit provides an opportunity for you to understand whether the IT systems and infrastructure used by your business are fit for purpose.

By identifying potential vulnerabilities and taking action to fix them, your network audit helps to strengthen the cybersecurity of the business.

Regular audits help you meet compliance requirements. By demonstrating a proactive approach to cybersecurity, you mitigate the severity of any action taken by regulators in the event of a cyberbreach.

By boosting cybersecurity, you reduce the risk of a cyberattack – and all the expense, lost revenue and reputational damage that entails.

In addition, a network audit can identify unexplored opportunities to take cost out of your IT spend and boost the performance of your network.


How regularly should a business undertake a network audit?

It is worth noting that a network audit every six months cannot replace the day-to-day operational work your IT team must undertake to address vulnerabilities, ensure timely patch management and monitor for unusual network activity.

A network audit covers these operational activities too, but it is also an opportunity to take a more strategic and holistic view of your network and IT environments.

That said, a network audit can never be a “one and done” activity.

The pace of change in the IT environment means that risks and vulnerabilities are continuously evolving. Operating systems go out of support. Software is retired or is sometimes not upgraded. New vulnerabilities are identified. New devices and users might be added to the network. Employees may leave and their access permissions need to be revoked. New threats can materialise.

Amidst this sea of change, a network audit captures information about the state, health and security of your network at a single point in time. Because the state of your network is constantly changing, network audits must be conducted on an ongoing basis – perhaps every few months, likely every six months, certainly at least once a year.

The schedule for your network audits will vary depending on the company, the complexity of its network, the industry in which it operates and the regulations and standards which apply, and the perceived level of threat.

For example, financial services businesses or healthcare organisations handling patient PII will almost certainly run a network audit at least every six months to meet their regulatory requirements.

On the other hand, small businesses in less regulated sectors may not have the resources to undertake a network audit more regularly than once a year, especially if they are to understand and action all the improvements which an audit flags.


How is a network audit performed?

Typically, a network audit will include a number of different techniques to determine the performance and security of the overall environment.

Risk assessments should be developed to understand potential risks before you begin. You need this information to properly understand the results of your audit. For example, which versions of software are going out of support, which patches should have been applied to which hardware, etc.

Network scanning software can be used to identify all the devices connected to the network. This gives you an opportunity to understand the overall network, identify endpoints and assess their level of risk. You can use this information to review permissions, ensure operating systems are up to date, identify devices which should have been decommissioned, and assess the success of any BYOD policies.

It is vital to understand which devices and services are obsolete, out of date or reaching end of life. This includes hardware such as your routers, switches, firewalls, servers and workstations. Out-of-date technology will not be updated to the latest cybersecurity standards or protected against the latest cybersecurity threats. It is a potential weak point from which cybercriminals can access your network. Identifying out-of-date technology is one of the major goals and benefits of undertaking an audit – as long as you then take action to upgrade or eliminate the device.

Logging the warranty and support status of your systems and devices, including software licensing, versions and support, is another important element of your audit. This helps to reduce the risk of lapsed coverage, helping you to ensure critical systems are protected.

Endpoint management software makes it easier for you to review the application of user permissions and policies. In today’s complex environments it is recommended to follow the “least privilege” principle and a “zero trust” approach, giving users only the minimal level of access needed to do their day-to-day work. When access is no longer required, access privileges should be revoked. Regularly reviewing access rights and permissions helps to keep the potential impact of a cyber breach to a minimum and avoids unnecessary vulnerabilities.

Network performance logs can identify bottlenecks and highlight areas where performance might be improved across the physical and virtual infrastructure. Including this information within your overall audit helps to increase the value derived from the audit process.

Penetration testing assesses the effectiveness of the network’s defences. Network security professionals will simulate hacking scenarios to try to gain access to the network, identifying potential vulnerabilities which you can then close.

Finally, reviewing the results of the audit and then acting on any recommendations that emerge from it is the last piece of the puzzle: the step in the process that converts the information gathered during the audit into value for your business.
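The following script is an added example, not tooling from the article: it applies the checks described in this section (end-of-life operating systems, lapsed support or warranty, overdue patching, devices that have disappeared from the network, incomplete inventory records, leavers whose accounts are still enabled, dormant accounts, and admin rights outside the IT role) to a constructed device inventory and account list. Host names, user names, OS names, dates and thresholds are all hypothetical sample data; in practice the two lists would be exported from your network scanner, endpoint management tool and HR system.

```python
"""Audit-finding checks over an asset inventory and an access list.

Added example, not the article's own tooling. The device and account records
below are constructed sample data with hypothetical host and user names.
"""
from datetime import date

TODAY = date(2024, 6, 1)      # fixed audit date so the run is reproducible
PATCH_WINDOW_DAYS = 90        # longest acceptable gap since the last patch
STALE_DAYS = 60               # not seen for this long: decommission candidate
DORMANT_DAYS = 90             # no login for this long: review the account
ADMIN_ROLES = {"it"}          # roles for which admin rights are expected

# Constructed inventory, shaped like a scanning/endpoint tool export.
DEVICES = [
    {"host": "fw-edge-01", "os": "VendorOS 6.2", "os_eol": date(2023, 3, 31),
     "support_end": date(2023, 3, 31), "last_patched": date(2022, 11, 2),
     "last_seen": date(2024, 5, 30)},
    {"host": "srv-files-02", "os": "Server 2019", "os_eol": date(2029, 1, 9),
     "support_end": date(2026, 6, 30), "last_patched": date(2024, 5, 14),
     "last_seen": date(2024, 5, 31)},
    {"host": "ws-finance-17", "os": "Desktop 10", "os_eol": date(2025, 10, 14),
     "support_end": date(2024, 2, 1), "last_patched": date(2024, 2, 20),
     "last_seen": date(2024, 3, 15)},
    # A printer with no end-of-life, support or patch data recorded at all.
    {"host": "printer-lobby", "os": "PrinterFW 1.0", "os_eol": None,
     "support_end": None, "last_patched": None, "last_seen": date(2024, 5, 29)},
]

# Constructed account list, already joined with HR status (active / left).
ACCOUNTS = [
    {"user": "a.khan", "status": "active", "role": "finance", "enabled": True,
     "admin": False, "last_login": date(2024, 5, 31)},
    {"user": "j.doe", "status": "left", "role": "sales", "enabled": True,
     "admin": False, "last_login": date(2024, 2, 9)},
    {"user": "m.ortiz", "status": "active", "role": "marketing", "enabled": True,
     "admin": True, "last_login": date(2024, 1, 4)},
    {"user": "it-admin", "status": "active", "role": "it", "enabled": True,
     "admin": True, "last_login": date(2024, 5, 30)},
]


def finding(subject, severity, issue):
    return {"subject": subject, "severity": severity, "issue": issue}


def audit_devices(devices, today=TODAY):
    """Flag end-of-life, unsupported, unpatched, stale and incomplete devices."""
    out = []
    for d in devices:
        host = d["host"]
        missing = [k for k in ("os_eol", "support_end", "last_patched") if d[k] is None]
        if missing:  # gaps in the inventory are themselves a finding
            out.append(finding(host, "medium", "incomplete record: " + ", ".join(missing)))
        if d["os_eol"] and d["os_eol"] < today:
            out.append(finding(host, "high", f"{d['os']} reached end of life on {d['os_eol']}"))
        if d["support_end"] and d["support_end"] < today:
            out.append(finding(host, "medium", f"support/warranty lapsed on {d['support_end']}"))
        if d["last_patched"] and (today - d["last_patched"]).days > PATCH_WINDOW_DAYS:
            out.append(finding(host, "high", f"last patched {(today - d['last_patched']).days} days ago"))
        if (today - d["last_seen"]).days > STALE_DAYS:
            out.append(finding(host, "low", f"not seen for {(today - d['last_seen']).days} days; decommission?"))
    return out


def audit_access(accounts, today=TODAY):
    """Flag leavers still enabled, dormant accounts and admin rights outside IT."""
    out = []
    for a in accounts:
        if not a["enabled"]:
            continue  # a disabled account carries no access to review
        if a["status"] == "left":
            out.append(finding(a["user"], "high", "has left but the account is still enabled"))
        if (today - a["last_login"]).days > DORMANT_DAYS:
            out.append(finding(a["user"], "medium", f"dormant: no login for {(today - a['last_login']).days} days"))
        if a["admin"] and a["role"] not in ADMIN_ROLES:
            out.append(finding(a["user"], "high", f"admin rights on a '{a['role']}' account; least privilege?"))
    return out


def summarize(findings):
    """Count findings per severity, always returning all three keys."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f["severity"]] += 1
    return counts


def run_audit(today=TODAY):
    return audit_devices(DEVICES, today) + audit_access(ACCOUNTS, today)


if __name__ == "__main__":
    rank = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(run_audit(), key=lambda f: rank[f["severity"]]):
        print(f"[{f['severity']:6}] {f['subject']:14} {f['issue']}")
    print(summarize(run_audit()))
```

The thresholds are deliberately parameters at the top of the file: the right patch window or dormancy period depends on the sector and the regulations that apply, as the earlier section on audit frequency notes. Treating a missing end-of-life or patch date as a finding in its own right matters, because an inventory gap is usually how an obsolete device escapes the audit.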


Who should undertake the network audit?

If your internal IT resourcing allows, an in-house technician can undertake the network audit and subsequent analysis, aided by modern network scanning and monitoring tools.

However, if you do not have the skills, resources or capacity to complete the audit in-house, outside consultants or technicians can run the audit for you. This is worth considering if the alternative is not to undertake an audit at all. Note that the potential return on investment from an audit is not limited to the potential cost of a preventable cyberbreach; it may also include productivity gains from network performance improvements, savings on software or operating system licences and subscriptions that are no longer being used, and devices that could be recycled.

In addition to the regular network audits, you will likely also want to budget for specialist third-party assistance to complete penetration testing on your network.