With the increase in cyber threats, coupled with the confusion and lack of knowledge about cybersecurity, how do you know if your company is secure? How do you know if you’re doing the right things at the right time? The whole topic of cybersecurity is overwhelming and there’s not anything “fun” about it. So, it’s easy to avoid, but at what real risk to the company?
Despite all the statistics showing that businesses without proper security measures will likely suffer a cyberattack, cyber threats are still viewed as scary but unlikely to occur. Most businesses still see a cyberattack as the monster under the bed, and cybersecurity as protection against the highly unrealistic possibility that there will ever actually be a monster under the bed. But unfortunately, these “monsters” are very real, and the number of attacks continues to escalate. It’s critical for businesses to have the correct security measures in place to keep the “monsters” from being able to even enter the front door.
One security solution does NOT fit all
Be cautious of cybersecurity providers who offer the same solution to every client. Every company is different, so expectations should be set based on many factors: size of the business, type of business, industry, etc. Also, no two businesses require the same IT solutions, support, software, or hardware. So, having tailored and specific IT security is crucial.
Is your business insecure?
If you’re reading this blog, then you’ve been warned! Now, what are you going to do about it? If you want to keep your business safe from cyber threats, knowing your risk level is a good first step to take before addressing each risk.
The following questionnaire addresses this by asking some basic questions that any business owner or management team should be able to answer. While some of the topics are technical in nature, the questions are driven from a focus on the business itself.
Cybersecurity Preparedness Questionnaire
Answer each question below and tally your score. After completing the questionnaire, total your score to determine the level of risk for your company.
Yes: 0 points; No: 5 points; Unsure: 5 points
- Do you review your cybersecurity budget annually?
- Do you have a written information security policy signed by every employee?
- Has your company reviewed its cybersecurity policies and procedures within the last year?
- Do you have a person designated as your security officer?
- Do you have a written incident response plan that is reviewed annually?
- Have you tested your incident response plan within the last 12 months?
- Do you know if you have any compliance or regulatory requirements?
- Have you defined the level of cybersecurity needs based on your business and compliance requirements?
- Have you provided security training to your employees in the past 12 months?
- Do you provide security training to employees on an annual basis?
- Can your employees identify sensitive information that could compromise the company if stolen?
- Do you know where your sensitive data is stored?
- Do you have cyber insurance that is reviewed annually?
- Are employees prevented from having administrative privileges on your network or computers?
- Does your company have an acceptable use policy?
- Does your company consistently enforce policies around the acceptable use of computers, email, and the internet?
- Do employees regularly update passwords on company-issued computers/devices?
- Do your employees lock their computers when away from their desk, even for a few minutes?
- Do all your computers have anti-virus software that is regularly updated?
- Does your company have data backups onsite and offsite verified at least once a year?
Low Risk: 0-10; Moderate Risk: 15-25; High Risk: 30-50; Escalated Risk: 55-100
Once you’ve identified your risk level, what now? If you answered “unsure” to any of the questions, do the necessary research to confirm the answer. Once you have a “Yes” or “No” answer for every question, you will have a better idea of your true exposure and can begin prioritizing which areas to address first to mitigate the risk.
If you didn’t score a 10 or below, then getting to the green (the low-risk range) won’t happen overnight. It takes time and, most importantly, full commitment and buy-in from ownership and senior leadership. But, as I mentioned, cyber threats are not imaginary monsters. So, don’t pretend they don’t exist and hope that nothing bad will happen. At Fluid, we understand the process can be overwhelming. Even determining the priority of what to do first can be a challenge. Luckily, we have a team of experts dedicated to cybersecurity. So, please feel free to reach out to us for help. Don’t wait until it’s too late!