IT departments and managed IT services providers play a strategic role in cyber security. Business leaders may not need a clear understanding of the technical details, but they should know what the teams are doing to protect the business from cyber threats.
Below are 12 cyber security questions you should ask your teams to answer:
- What is the top cyber security concern our business faces today?
- Have we allocated enough resources to properly address the most significant cyber security threats? What specifically have we done?
- How have we confirmed that we are in compliance with regulatory requirements for our industry?
- Is rogue IT (unsanctioned device/application use) a security threat here, and if so, what are we doing to address the situation?
- Do we have a complex password policy for our employees, and how frequently do we require passwords to be changed?
- What firewall are we using, and does it incorporate the latest in threat detection and prevention technologies?
- What is our company’s disaster recovery plan and when was it reviewed and updated?
- Have we adequately addressed the risk posed by employees, including education and training, policies regarding internet and device use, and employee turnover risks?
- Is all sensitive data secure (in storage and when transmitted) and backed up on a routine basis? Where is the backup kept? Is it protected?
- What is our plan for identifying and addressing cyber threats? Is it current?
- Are we vulnerable to third-party applications hosted on our network?
- What does the company need to do to ensure proactive cyber security moving forward?
With the answers to these questions in hand, Goliath can gauge your current security profile and create a plan to manage cyber security proactively in the future. Revisit these questions regularly to properly address the ever-changing cyber threat landscape.