5 Cybersecurity Questions Every Business Leader Should Ask
Think cybersecurity isn’t an issue for your business? Think again. Every company, no matter how large or small, offers potential hackers a wealth of data and assets to steal. In fact—with more to take than an individual or family, less security than a large corporation, and (often) backdoor access to their bigger partners’ data—small businesses are an ideal target for the unscrupulous.
Here are five questions about cybersecurity you should ask today to help protect your company’s data, assets, and network.
1. Is My Business Cybersecurity System Robust?
Your cybersecurity suite should include basic firewall and identity protection; constant monitoring of your system for problems; anti-malware, virus, and spyware solutions; and automatic patches. Invest in the best security solution you can reasonably afford.
While you are reviewing your security suite, also consider access to your network. Make sure that you are using the highest-level security available to you through your router (WPA or WPA2), that your router itself is physically safe, and that you have a secure access point for your employees separate from any customer-accessible ones.
Only 52% of businesses polled in a recent survey by NTT Com Security and Vanson Bourne have a full cybersecurity plan in place. Another 25% are currently in the process of implementing one. If your business doesn’t have a cybersecurity policy, you’re certainly not alone—but you are at risk.
If you do have a cybersecurity plan in place, review it with your IT department or managed services provider to make sure it is thorough and up-to-date. Your cybersecurity plan should cover standards like:
- password creation
- physical security and access of equipment
- data encryption
- data backup
- maintenance of hardware, software, and security safeguards
- disposing of equipment and files
But it’s important that your cybersecurity plan also include newer concerns such as:
- mobile device security
- social media security
- cloud computing
- the Internet of Things
- emerging types of threats such as ransom attacks and headless worms
2. Are My Employees Adequately Educated About Cyber Security Threats?
It’s not enough to have a strong cybersecurity policy. Frequently employees are unaware of the riskiness of their behaviors, which means they are unlikely to change them. You need to educate employees about threats and how your security policy addresses them.
“Train employees on cyber security best practices and offer ongoing support,” Bill Carey tells Jennifer Lonoff Schiff in “6 Biggest Business Security Risks and How You Can Fight Back.” “Some employees may not know how to protect themselves online, which can put your business data at risk,” Carey says. Offer “training sessions to help employees learn how to manage passwords and avoid hacking through criminal activity like phishing and keylogger scams.” In addition to email phishing and password management, these training sessions should include topics like securing mobile devices and avoiding social media threats.
Following these trainings, offer support on an ongoing basis to make sure employees stay up-to-date on emerging threats. Additionally, make sure you have the means to actually enforce your cybersecurity policy. Your policy can’t do you any good if no one in your company actually follows it.
3. Are My Employees’ Mobile Devices and Personal Computers Secure?
If you have a bring-your-own-device (BYOD) policy, it should include guidelines for securing employees’ devices and laptops. If your network is secure but the devices accessing it are not, you are at risk. “As more enterprises embrace BYOD, they face risk exposure from those devices on the corporate network (behind the firewall, including via the VPN) in the event an app installs malware or other Trojan software that can access the device’s network connection,” Ari Weil tells Schiff. Create policies for data encryption, password management, and network security for all mobile devices used for business.
Another concern: the security of remote work. Cloud computing is extremely convenient and allows for collaboration with business partners around the world, but it does come with its own security concerns. Employees using unsecured home networks or public WiFi could make your system vulnerable. Again, this should be addressed in your cybersecurity policy and associated training.
4. Is My Business Protected from Emerging Threats?
New digital threats emerge literally every day—at mind-boggling rates. “Every minute, we are seeing about half a million attack attempts that are happening in cyber space,” Derek Manky tells CNBC’s Harriet Taylor in “Biggest Cybersecurity Threats in 2016.”
That trend will only continue with time. As a report by McAfee Labs entitled “2016 Threats Predictions” warns, “Five years ago, we thought that more users, more data, more devices, and more clouds were creating a perfect security storm of threats and vulnerabilities. Many of those predictions came true, but they were only the leading indicators of a much bigger storm, the acceleration of ‘more.’” The billions of cybersecurity threats we are seeing today are only a glimpse of what’s to come.
Are your system and your cybersecurity policy prepared for this future? If you’re not sure, ensure that your security system is constantly scanning your network for breaches, updating itself with new information, and patching itself to protect against newly reported threats. Build provisions for the future, including continuity measures in case of a natural disaster or similar situation, into your cybersecurity plan.
5. What Can I Do Right Now?
Every company should be concerned about cybersecurity—and every company can take immediate steps to increase its safeguards. Here’s what you can do today.
- When was the last time your business ran a security audit? (Hopefully the answer isn’t “never.”) Set one up today, then schedule them on a regular basis, such as quarterly, for the next year.
- Talk to your IT department or managed services provider about reviewing and revising your cybersecurity policy.
- If you aren’t already running a 24/7 scan of your system—one that automatically updates and patches itself—set one up now. Your IT department or managed services provider can help you choose and install a robust security suite (and/or provide monitoring).