The Cyber Security Checklist
In the last 12 months, the UK has seen an unprecedented rise in state-sponsored and private hacking.
When you are considering how prepared your company is for a potential cyber attack, you should have these eight questions in mind.
1. Have you set a budget?
A recent IBM security report found that 77% of companies do not have a consistent cyber response plan, and only 31% had set a realistic budget, both for staffing and the tools those employees require to do their job.
First Solution has a Security Operations Centre running 24 hours a day, seven days a week and we would recommend any cyber security business you choose to deal with should be the same. Threats like ransoms for data are an omnipresent risk factor for all businesses large and small, and attacks can happen at any hour of the day, on weekends, during holidays or any other inconvenient time.
2. Do you have an incident response plan with clear roles and responsibilities for your team?
Experiencing a cyber attack of any kind is not uncommon, but it is an extremely stressful time for leadership. In the aftermath of an attack or intrusion attempt, it is vital for your team to know who to turn to.
It is critical that in advance of an attack, your staff know who is in charge, and who either inside or outside of your organisation has permission to take control of your systems.
3. Are you looping your entire organisation into your cyber security plan?
Improving your general level of security always starts with your staff. However vigilant your cyber strategy is, the reality is that employees are always the biggest source of risk in any organisation.
At the minimum, your employees should at least be aware of your company’s cyber security plans. Whether that’s following basic security measures like encrypting outgoing emails or using a password management tool.
Adding in regular training to make them aware of common threats will have a target-hardening effect on your business. This will promote a culture of cautious security and reduce the risk that you will fall prey to the most routine attacks.
4. Are you meeting with employees on a regular basis to ensure your response plan is effective?
Every weak point in your plans is an opportunity for a criminal to take advantage. Hackers have been known to add insult to injury by posing as internal security teams in the aftermath of an attack, making a critical problem exponentially worse.
With this in mind, it is a sound idea to introduce your internal teams to any external contractors on a regular basis, so your staff are familiar with any cyber security defence teams tasked with the cleanup. Meeting regularly with staff can also help clear up any misconceptions about strategy and allow your leadership teams insight into how prepared the organisation truly is.
5. Are you refining your plan along the way?
A cyber incident response plan that is inflexible and set in stone is guaranteed to be ineffective. Security trends can change rapidly and there is always a new threat to take into account. The risks your company faces by not being able to contain a cyber attack are grave. Take for example credit data company Experian, who suffered drastic reputational and monetary loss from not having a thorough, dynamic plan in place when they were hit.
6. Are you documenting all response efforts from beginning to end?
There are three important parts to documenting response efforts. These should be as comprehensive as possible. First, incident response teams should notify all key stakeholders at the earliest possible opportunity. Second, they should offer real-time updates into how the effort to restore systems is proceeding. Third, they need to be able to write and disseminate a complete report that serves as a permanent record of the attack or intrusion. If your cyber security plan is correctly set up, the second and third sections should be triggered automatically.
7. Do you have effective password management policies in place in your business?
While it may sound simple, password management can make a huge difference to your cyber security strategy. As we mention above, your staff are the weakest point of your company’s security and passwords that are too simple, easy to guess or obvious is akin to leaving the door open and inviting hackers in.
Ask your cyber security team:
? Should staff be allowed to generate their own passwords?
? Should employees be using the same passwords across multiple systems or accounts?
? Would it make more sense to use a password manager that randomly generates long, hard-to-guess passwords?
? Should people store their passwords in encrypted folders in cloud storage?
8. Are your employees receiving regular cybersecurity training and phishing simulations?
While it may seem obvious to you how to tell a scam email from a customer query, or how to detect a phishing attempt, the same may not be true across all levels of your organisation.
You may be surprised how easy it is to fool the average worker, especially if they are distracted by other work, or not expecting to be targeted.
If you answered no to any of the above questions, it may be time to upgrade your cybersecurity strategy. Our team of security experts are here to support your business 24x7x365 to ensure that no matter what type of threat enters your network, we can help keep your business secure.