5 Critical Cyber Security Questions all Business Owners should be asking

Posted by & filed under Cybersecurity.

Cybersecurity is a constantly changing field. As quick as new technology is developed to keep criminals at bay, hackers are finding a way around it. As a business leader, you have a lot to manage, but don’t overlook the importance of managing cybersecurity risks. It only takes a few minutes without email access to realise how dependent you and your business is on technology.

I’m sure you are aware of how damaging leaked or stolen personal information could be for your business reputation, but there’s so much more required to be cyber resilient. The pace of change in technology is faster than ever before.  Employees are working from home more and most are using personal mobile devices to access company information. A raft of new endpoints connected to the web (Internet of Things devices) and online ordering and fulfillment are adding more points of entry to secure.

In a decision-making role you need to know what is being done to Identify, Protect, and Detect your digital assets. You also need to ensure your business is set up to Respond and Recover in the event of a breach. It’s now all about Cyber Resilience.  These five questions should help you manage cybersecurity efforts.

#1 What assets and entry points do we have that need protection – Identify?

This is number 1 for a reason.  Traditionally we very much focused on physical devices (servers and laptops / desktops) and network devices.  But with the proliferation of the cloud, it is now vital to start by identifying your sensitive data, what applications use or host this data and who has access to it.  You need to start with this to ensure critical areas are not left unprotected – the weaknesses hackers troll for.

Good asset inventory management also helps ensure all licensing are current, ex-employees don’t still have access to company data and you have adequate backups in place. This keeps your tech up to date against the latest known threats.

#2 How are we securing our technology – Protect?

Taking a multi-layered approach is critical. Besides traditional endpoint protection, your business also needs firewalls (sometimes multiple). But it doesn’t stop there. You need to take advantage of:

  • Air gapped Automated Backups
  • Advanced Endpoint Management
  • Multi-factor Authentication
  • Password Management
  • Data Encryption
  • Employee Security Awareness Training in defending against cyberthreats.

#3 How do we Detect problems?

Be proactive about detecting incidents or potential incidents! The most damaging attacks come after a hacker has breached a system and spent time to understand what who and when to create maximum collateral damage.  Few know that the average length of time a hacker is inside a system is greater than 180 days.

Ensure you build capabilities to detect any vulnerabilities before the bad guys do.  Most endpoint protection software detects malware, spyware, ransomware at a device level.  But with so many other entry points, it is vital to have real time cyber monitoring in place to be alerted of possible attacks.  It is also good practice to collect and analyse security logs to help identify potential threats and act in a timely manner to mitigate your risk.

#4 What is our plan in the event of an incident – Respond and Recover?

Few of us think at our best in crisis situations. It’s much better to anticipate the worst and think ahead. Management should have plans in place to respond to ransomware, establish a disaster plan, and consider business continuity. You should also determine everyone’s roles and responsibilities. Learn who needs to be alerted, how and when to get back to business as usual as quickly and effectively as possible.

Once you have business recovery plans in place, test them. Don’t want to wait until a cyber incident to learn that your data backup wasn’t working.

#5 What are we doing to create a cybersecurity culture?

You may think about company culture as mission and values. That influences hiring, employee engagement, and business success. Yet you can also encourage an environment that motivates good cybersecurity behaviors. Help your team members understand they have a key role to play in championing security.

Security Awareness Training is our recommended starting point to raise the bar with staff.

Learning more about cybersecurity can only help your business. As specialists in this space myITmanager follows recognised cyber security frameworks with a range of services designed to Identify your risks, Protect your digital assets, Detect potential risks and Respond and Recover quickly.