Five questions you need to ask to assess your cyber security readiness
There’s no question about it: cyber criminals are out there, working every day to take from business owners just like you. Whether they are stealing customers’ personally identifiable information, lifting intellectual property or simply crippling essential systems until a ransom is paid, these attackers are endlessly inventive, with one end goal in mind: making easy money.
Here’s the good news: falling prey to an unscrupulous hacker isn’t inevitable, and your business doesn’t have to become a statistic. Get started on assessing – and then filling – the gaps in your cyber security today with these five key readiness questions.
Question one: Are my employees ready to resist?
The reality is that employees are often the easiest route into a company’s secure systems. In fact, a 2021 Barracuda Networks research report demonstrated that “an employee of a small business with less than 100 employees will experience 350% more social engineering attacks than an employee of a larger enterprise”. And what’s more: leaders are not immune, with “CEO and CFO accounts almost twice as likely to be taken over compared to average employees”.
When was your most recent cyber security training for employees? Did it cover the major categories of attack they’re most likely to encounter? Training should include:
- Spotting phishing e-mails, and reporting them rather than simply deleting them.
- Using good internet browsing practices.
- Avoiding suspicious downloads and attachments.
- Using strong, unique passwords and enabling multi-factor authentication wherever it is offered.
- Protecting sensitive vendor and customer information.
How confident are you that your teams can shine in each area?
Question two: Are your vendor solutions compliant with industry security standards?
Most companies today have outsourced software and other needs to cloud-based vendors – for efficiency, cost effectiveness and the promise of always-on accessibility, which is increasingly non-negotiable in a world of hybrid and remote work.
Each technology integrated into your IT environment must meet recognised security standards. Start by asking vendors what their baseline cyber security measures are, and ask for evidence rather than assurances: an independent audit report such as SOC 2 or an ISO/IEC 27001 certification, a clear account of how they keep up with a fast-paced and dynamic threat environment (how quickly they patch, for instance), and a commitment on how and when they will notify you if they suffer a breach. Triangulate their responses by reading assessments from reputable third-party cyber security outlets; these will give a clear-eyed perspective on exactly where a vendor’s strengths and weaknesses lie.
Question three: Do you run regular vulnerability scans and penetration testing?
Across sectors and industries, businesses regularly run disaster simulations – whether it’s preparing employees to act in a workplace violence situation or what to do in a natural disaster. The cyber equivalent, essential for every business, is vulnerability scanning and penetration testing. A vulnerability scan is an automated check of your systems against known weaknesses such as missing patches and insecure configurations; a penetration test goes further, with a skilled tester actively attempting to exploit those weaknesses to determine how easily a malicious actor could break into your systems.
When was the last time you ran a penetration test? Are you diligent about keeping all software up to date and applying security patches promptly when new vulnerabilities are disclosed?
Question four: Do you know how valuable your data is – and is your protection commensurate with its worth?
Not all data is created equal. It may all be valuable to your company, but that doesn’t mean it’s equally valuable to a hacker. It helps to assess exactly what kind of data your company relies on. Think about what’s:
- Unique to your business: Your intellectual property and other essential data are highly valuable to you, and therefore proportionately more valuable to a cyber criminal.
- A reputational risk: Losing a client’s basic personally identifiable information – like their home address and identification number – is bad enough, but leaving other kinds of personal information, like confidential medical records, exposed can badly damage a company’s reputation in the eyes of clients and the public.
- Actionable: Loss of certain data can expose you to legal or contractual penalties, depending on the customer types and regulations involved.
Have you spent the time to review and rank the data your business relies on – and to anticipate the ramifications if you were prevented from accessing it or it became public? It’s an exercise worth doing.
Question five: Do you know what to do when something goes wrong?
There’s a reason the aphorism “Hope for the best, prepare for the worst” endures: it’s smart practice. Of course, none of us wants anything bad to happen to our businesses, and it’s human nature to assume that we’re too small to attract the wrong kind of notice. Unfortunately, the statistics don’t bear out that optimism: you are a target.
Instead, ask yourself and your team how prepared you are if a cyber criminal does succeed. What does your incident response plan look like? Does it say who gets called, what gets isolated first and how customers and regulators are notified? Have you rehearsed it? And how often do you reevaluate it against new and emerging threats? A managed service can take some of this rather substantial work off your hands, but it’s still worth understanding where you stand in terms of preparedness for when the worst happens.
It’s never too late to get ready to face the cyber threats that are just part of doing business – of any kind – in the world today. With these questions to guide you, you can begin to take charge of your readiness right now.