OCD Tech
Top 5 Vulnerability Assessment Observations

April 24, 2017. Posted by Michael Hammond, CISA, CRISC, CISSP. Category: vulnerability assessment

Here are the top 5 observations we encounter while doing our vulnerability assessments.

    1. Change the default password on your router (and while we are at it, upgrade to a real firewall and make sure its default password is changed too). While the equipment you get from Comcast or Verizon might be fine to start, eventually you are going to want VPN and remote office access, better logging, and the ability to restrict ports or IPs in ways more advanced than the Comcast/Verizon gear can provide.
    2. Patch the operating system AND third-party vendor software (e.g. Java and Adobe).
    3. Check that the office Wi-Fi is using WPA or greater, and that the guest Wi-Fi (if you offer one) is not attached to the production network.
    4. Remove administrator rights from the end users. This will be a pain in the beginning, but will be a lifesaver later on. Trust me.
    5. Invest in end user security awareness training. Your network is only as good as the weakest link, and that is your employees. Train and test them on how to be cyber safe at work. This can include phishing training and videos that highlight how to spot malicious emails. The money spent up front will avoid costly mistakes (and maybe a phone call from your state AG’s office) in the end.
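As an added example (not OCD Tech's code), the five observations above turned into a small checklist evaluator a practitioner could run against a site inventory: each check emits a finding numbered after the observation it corresponds to. The inventory layout, the 30-day patch-age threshold and the sample data are all assumptions constructed for this example.

```python
"""Checklist evaluator for the five observations above (added example, not OCD Tech's
code). The inventory layout and 30-day patch threshold are assumptions; SAMPLE_INVENTORY is constructed."""
from datetime import date

WIFI_RANK = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3, "wpa3": 4}
MAX_PATCH_AGE_DAYS = 30  # assumed policy threshold

def assess(inv, today=date(2017, 4, 24)):  # default "today" is the article's date
    f = []
    # 1. Router/firewall still on the factory credentials
    f += [f"1: {d['name']} still uses its default password"
          for d in inv["edge_devices"] if d["default_password"]]
    for host in inv["hosts"]:
        # 2. OS and third-party software (Java, Adobe) patch age
        for sw, patched in host["last_patched"].items():
            age = (today - patched).days
            if age > MAX_PATCH_AGE_DAYS:
                f.append(f"2: {host['name']} {sw} last patched {age} days ago")
        # 4. End users holding local administrator rights
        f += [f"4: {u} is a local admin on {host['name']}"
              for u in host["local_admins"] if u not in inv["it_staff"]]
    # 3. Wi-Fi below WPA, or a guest SSID sitting on the production VLAN
    for net in inv["wifi"]:
        if WIFI_RANK[net["auth"].lower()] < WIFI_RANK["wpa"]:
            f.append(f"3: SSID {net['ssid']} uses {net['auth']}")
        if net["guest"] and net["vlan"] == inv["production_vlan"]:
            f.append(f"3: guest SSID {net['ssid']} is on the production VLAN")
    # 5. Awareness training on record for every user
    f += [f"5: {u['name']} has no security awareness training on record"
          for u in inv["users"] if not u["trained"]]
    return f

SAMPLE_INVENTORY = {  # constructed small-office inventory
    "edge_devices": [{"name": "comcast-gw", "default_password": True},
                     {"name": "fw-1", "default_password": False}],
    "hosts": [
        {"name": "ws-01", "local_admins": ["jsmith", "helpdesk"],
         "last_patched": {"windows": date(2017, 4, 10), "java": date(2016, 11, 2)}},
        {"name": "ws-02", "local_admins": ["helpdesk"],
         "last_patched": {"windows": date(2017, 2, 1), "adobe": date(2017, 4, 20)}},
    ],
    "wifi": [{"ssid": "Corp", "auth": "WPA2", "guest": False, "vlan": 10},
             {"ssid": "Guest", "auth": "WEP", "guest": True, "vlan": 10}],
    "production_vlan": 10,
    "it_staff": {"helpdesk"},
    "users": [{"name": "jsmith", "trained": False}, {"name": "helpdesk", "trained": True}],
}

print("\n".join(assess(SAMPLE_INVENTORY)))
```

Running it on the sample inventory reports seven findings, one or more under each of the five observations; an inventory with no devices, hosts, networks or users yields none.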

Have more questions? Contact our IT security experts today!

About Michael Hammond, CISA, CRISC, CISSP

Joining the firm in 2012, Michael is the Principal of IT Audit Services. Michael has twenty years of extensive Information Technology expertise in various disciplines, including operations, control design and testing. Previously, Michael was Vice President and Senior IT Audit Manager at State Street Corporation and is a veteran of the United States Air Force.
