Our previous articles have discussed cybersecurity in your organisation; how attackers attack, how to prevent being attacked, and what to do in the event of an attack.
In this article, we explore the five most important cybersecurity questions your company should ask to ensure a thorough and complete security strategy.
There should be a clear, evidence-backed answer to each of these questions – an assumption that turns out to be false is a security gap. Ask those responsible to show evidence that the relevant processes, procedures, education, and verification are actually in place, not just described.
1. Do we maintain regular inventories of our assets?
Physical and virtual assets need to be inventoried accurately. It is impossible to know what needs to be protected without this information. Your inventory should include the following items at a minimum:
Your Hardware, Software, and Licences – including their purpose, location, owner, configuration, age, and version, and whether the vendor still supports them.
Your Data – Know what data you have, where it is located, how often you back it up, and how you use it. Additionally, you should have documented who has access to what and what should happen if a breach occurs.
Make sure you keep your inventory updated as well!
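The practical test of "is our inventory up to date?" is to compare what the inventory says you own against what is actually seen on the network, and to flag entries nobody has reviewed recently. The script below is an added illustration, not part of the original article or any Armco tooling: the host names, owners, dates, and the set of "observed" devices are constructed sample data standing in for a real inventory export and a discovery scan or EDR console report.

```python
"""Reconcile a declared asset inventory against devices actually observed.

Three findings matter to the question "do we maintain regular inventories?":
  unknown  - seen on the network but not in the inventory (shadow IT, rogue device)
  missing  - in the inventory but not seen (decommissioned but never removed, or offline)
  stale    - inventoried, but nobody has confirmed owner/purpose/version recently
"""
from datetime import date, timedelta

# Constructed sample inventory (hypothetical hosts, not from the article).
# "last_reviewed" is when someone last confirmed the entry is still accurate.
INVENTORY = [
    {"host": "fs01", "owner": "IT", "purpose": "file shares",
     "version": "Windows Server 2019", "last_reviewed": date(2024, 1, 10)},
    {"host": "erp01", "owner": "Finance", "purpose": "ERP",
     "version": "Ubuntu 22.04", "last_reviewed": date(2024, 5, 2)},
    {"host": "printer-3f", "owner": "Facilities", "purpose": "printing",
     "version": "fw 4.1", "last_reviewed": date(2023, 9, 30)},
    {"host": "old-backup", "owner": "IT", "purpose": "decommissioned backup",
     "version": "Windows Server 2008", "last_reviewed": date(2022, 3, 1)},
]

# Constructed: host names a network discovery scan reported this week.
OBSERVED = {"fs01", "erp01", "printer-3f", "laptop-x7", "raspi-kitchen"}


def reconcile(inventory, observed, today, max_review_age_days=90):
    """Return the unknown, missing and stale hosts, each as a sorted list."""
    known = {asset["host"] for asset in inventory}
    cutoff = today - timedelta(days=max_review_age_days)
    return {
        "unknown": sorted(observed - known),
        "missing": sorted(known - observed),
        "stale": sorted(a["host"] for a in inventory
                        if a["last_reviewed"] < cutoff),
    }


def report(findings):
    """Render findings as plain lines suitable for a ticket or review meeting."""
    lines = []
    for kind, advice in (
        ("unknown", "identify, assign an owner, or remove from the network"),
        ("missing", "confirm decommissioned and delete the entry, or investigate"),
        ("stale", "have the owner re-confirm purpose, location and version"),
    ):
        for host in findings[kind]:
            lines.append(f"{kind.upper():8} {host:14} -> {advice}")
    return lines


if __name__ == "__main__":
    for line in report(reconcile(INVENTORY, OBSERVED, date(2024, 6, 1))):
        print(line)
```

Run this against a real export and scan output, and each finding maps to an action: an unknown device needs an owner or needs to leave the network, a missing entry is either cleaned up or investigated, and a stale entry goes back to its owner for re-confirmation. The 90-day review window is an assumption; pick whatever your policy states.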
2. Are our employees properly and regularly educated about cyber threats?
The cyber threat landscape is constantly evolving. The importance of properly and regularly training your staff cannot be overstated. It’s not enough to hand out information and then test their knowledge.
It is far more effective to teach them why the information matters and how their actions affect colleagues and customers, and then to test them without warning on how they respond to situations that could lead to an attack, such as a simulated phishing email.
Unannounced testing makes people more cautious and less likely to take risks. Tests should be realistic, arrive without warning, and be scheduled at irregular intervals so that staff cannot predict them. Treat a failed test as a prompt for further training rather than a reason to punish, or staff will stop reporting the suspicious messages you most want to hear about.
3. How do we manage cybersecurity risks in our business?
It is important that you are aware of how your business uses technology, how it is leveraged, and what the consequences are if that technology is attacked. The impact of a major cyber incident on your business is unlikely to be fully understood by your employees.
Having the ability to recover from a cyberattack is important, but it’s also important to examine your ability to continue operating during a cyberattack.
It is also essential to know the minimum continuity requirements for your organisation (which systems must keep running, and for how long you can tolerate each being unavailable), and whether your IT team has the people, plans, and resources to meet them.
4. Where do we stand the highest risk of attack?
Unfortunately, it is not possible to prevent every attack. Knowing where you are most exposed lets you prioritise. Ask your IT team which vulnerabilities they know about, how they find new ones (for example through regular vulnerability scanning and patch tracking), and how they monitor the systems they cannot fix straight away.
5. How quickly can we recover from an attack?
Many organisations have no tested recovery plan for a major attack. Consider issues like minimising downtime, reducing revenue loss, and managing customer expectations before you experience an attack, not during it.
Regular reviews and testing are necessary to ensure that your plan can be followed.
You should request evidence of:
**Incident Response Plans** – should include the latest test results and any adjustments made since the last test. They should also specify who is responsible for what in the event of an incident. Tests and updates should be carried out by the owner of the plan.
**Disaster Recovery Plans** – provide details on how to recover after a catastrophic event.
**Business Continuity Plans** – outline how you will continue to operate in the event of a disaster – both during and after.
**Insider Protections** – Make sure you know what your organisation has in place to protect you from threats within.
Your company’s policies should be documented and clearly understood by all employees, managers, and other stakeholders. If they are not documented, or only exist in the mind of a member of your staff or IT department, they are not real.
Why are these questions important?
No business can afford to ignore the importance of cybersecurity. In sales, marketing, and other areas of your business, gut instinct can work, but when it comes to security, you need facts.
Make sure your business isn’t exposed to litigation, fines, or front-page headlines because of a data breach.
At Armco, our cybersecurity experts are ready to tailor a strategy that will ensure your business is secure and compliant as it grows.
Feel free to contact us if you need assistance or an assessment of your cybersecurity risks.
Armco IT: IT Support and Managed Services for Businesses Across York, North and East Yorkshire
There’s nothing we love more than seeing Yorkshire businesses flourish by harnessing the power of IT. Our team of dedicated engineers stands ready to help you overcome any technical challenge and deliver tailored solutions that help your business meet its goals and growth ambitions. From our base in Malton, we deliver proactive IT support and services across York, North and East Yorkshire. We have a strong track record in delivering impactful IT to clients across a wide range of sectors, including manufacturing, design and insurance, among many others. We focus on maintaining, optimising and securing your digital estate, so you can focus on the growth and success of your business. Contact our team and let us start our journey together today.