CEO’s Checklist for Effective Cyber Security
Hackers are continually expanding their methods of attacks, and companies everywhere of all sizes are being targeted. According to the Global State of Information Security Survey: 2015, the percentage of growth for global security incidents is double the global GDP and global smartphone users combined.
Are you prepared to deal with a cyber security failure in your organization?
As a manager, CEO, or investor, it is your job to ensure your company is doing well, your reputation is not damaged, future business plans are not at stake, and all confidential data is protected. In order to do that, it is important to cover the basics and be up-to-date and active with your cyber security system.
Below are 15 questions to ask yourself as CEO or manager to ensure your company is prepared and taking all necessary precautions against potential cyber threats.
- Do you meet with your IT management frequently to discuss your IT budget and possible areas of concern or cyber threat?
Make sure your IT department has the resources they need to keep the company assets safe. Staying involved will keep you up to date with any company challenges and the seriousness of them.
- Does your company have an Incident Response Plan in place?
Every company needs to be prepared and know what necessary steps need to be taken if a data breach were to occur. An effective IRP will allow you better to detect, respond, minimize damages, reduce recovery time, and minimize costs of any potential cyber security incident.
- When did you last review the company’s IT policies and procedures and do an inventory of your company’s critical assets?
Your cyber security policy should be reviewed and implemented to protect your company’s confidential information and property. It is highly important to know what your critical assets are, and how they are being protected at all times.
- Are your wireless networks within your company secured?
Unsecured wireless networks provide an easy entry point for security breaches. Make sure guest access is secure and limited in addition to internal wireless access.
- Are your company’s operating systems and software applications up do date?
When software is not updated as needed, exploits are made available to cybercriminals and used to penetrate your system and attack. A patch management application updates your software silently in the background as soon as an update is available. It is a great solution to this problem.
- Do you have a well-defined process for remote access and is it properly secured?
Remote access is one of a company’s most vulnerable points and many disregard the risk. Work with your IT team to identify your remote access needs and find a secure solution.
- Is there a clear protocol for file sharing and stored data?
There should be a process to protect data stored in the cloud. It’s important to monitor where your company information may end up.
- Do you have a solution that scans for malware continuously to protect computers within your company?
This works as an additional layer of security aside from an antivirus. This will identify potential threats and keep the system safe.
- Do you have email and internet traffic filtering?
Email and internet browsing are key access points for an intrusion. Having a filtering solution will help protect from email threats, malware, phishing, and spam.
- Do you have local encryption solutions for every computer used within the company?
It is essential that all computers in your company are encrypted so that if a hacker manages to get to your confidential data, they will not be able to access the information.
- Are vulnerability scans on servers and computers performed periodically?
It is important to perform scans in order to discover and manage vulnerabilities on time.
- Does your company servers have a firewall AND antivirus installed on every computer? Today, neither of these things alone is enough to protect your company, but they are still critical parts of your security system and should be considered a priority.
- Does your company have physical security elements present to prevent unauthorized access?
One of the most common causes of cyber security incidents is unauthorized access or use of data, systems, networks, and equipment. Don’t underestimate the human element of cyber security breaches.
- Does your organization have a cyber security training program for new and current employees?
You employees should be aware of cyber risks and the precautions they should take to keep company data safe.
- Are there appropriate backup procedures in place?
Data should be backed up to prevent loss of important information or ideas and to minimize downtime. Keeping historical backups well beyond a few days in a secure location will help you recover from a breach.
Ask yourself these questions to find out if are you prepared to handle a cyber security failure in your business. If not, QAT Global is here to help. Start the conversation today.