RVA is an Annual Wellness Visit for Your Business

Jan 25, 2022 | Security

If you are anything like me, you may not like going to the doctor. It’s nothing against doctors, it’s just that in most cases if you are seeing the doctor something is probably wrong. Something hurts, something does feel right, something doesn’t look right, and so on. But hopefully, even if you don’t like going to the doctor, you do stop in at least once per year for a wellness checkup.

A wellness checkup is defined as preventative healthcare that focuses on maintaining wellness and stopping health problems before they occur. Instead of waiting until you have a health issue, you visit your physician to make sure that you’re still in good health or to catch problems in early stages.

Wouldn’t it be great in this day and age of computer viruses if we had an annual wellness visit for our businesses? You can probably guess what I’m about to tell you….yup, that’s right, we do. We don’t call it an annual wellness check for business technology, but that would probably be a great name for it. Instead, we call it a Risk and Vulnerability Assessment or RVA for short.

The RVA compiles information from a security risk assessment with a vulnerability snapshot to explore the potential weaknesses of the organization, and to help prescribe a course of action to ensure the best possible overall health-related to system health and security. Things change in our business systems just like in our human bodies. As equipment and software age, new vulnerabilities arise, and as we make changes to the systems to facilitate new functionality, we expose ourselves to additional risk. The RVA is focused on regularly checking for these new risks and vulnerabilities and providing a plan of action to reduce the likelihood or impact of these risks.

A risk assessment is generally based on a well-defined and accepted framework such as the NIST Cybersecurity Framework (CSF) or Center for Internet Security Critical Controls v8 (CISv8). For regulated organizations, there will be a required framework such as HIPAA, PCI DSS, CMMC, DFARS, etc. No matter whether the organization is regulated or non-regulated, an annual risk assessment will help ensure the organization has a plan of action for continual improvement or the overall security posture.

Combining this risk analysis with a vulnerability assessment will help identify immediate vulnerabilities that could be exploited and provide details about the current system health. It is recommended that vulnerability scans be performed regularly to catch new and emerging challenges.

To get an annual wellness check for your business, contact us to set up a Risk and Vulnerability Assessment. We promise it’s quick and painless, and will provide you great information to verify you are in good health, or at least catch problems in early stages so something can be done about it  before it’s a bigger problem.

Recent Posts

The Role of IT Security for Small and Midsized Business

The Role of IT Security for Small and Midsized Business

Everyone knows that securing their business is important. This includes an understanding that securing private data, machines, and the network itself are of paramount importance. So why do so many companies neglect security or treat it as a distant afterthought during...

Five Trends in Technology for Dallas Law Firms

Five Trends in Technology for Dallas Law Firms

The use of technology in law firms is accelerating at a rapid pace. In many practices, pen and paper are on the way out in favor of online productivity tools and cloud storage. Even tools that are familiar, like Microsoft Office, have been updated and improved. To get...

The Acronym Soup of Endpoint Security – AV/NGAV/EDR/MDR

The Acronym Soup of Endpoint Security – AV/NGAV/EDR/MDR

Do you ever miss the stories that started “back in my day”? I used to spend weekends at my grandpa’s house helping with chores like mowing the yard or running around the chicken coups. We’d watch black and white western shows on television and then he’d tell me about...