Top 10 Business Cybersecurity Questions to Ask Yourself
Is your business an easy target for cyber criminals?
Cybersecurity is always a top concern with businesses no matter what size they are. Our experts at CBTS Hawaiian Telcom recommend these Top 10 Cybersecurity questions for businesses. They should give you an idea of where you are in your security posture.
- Do you have a current, and regularly updated, inventory of all hardware and software assets? If you don’t know what exists, you cannot effectively protect it.
- Is your business obligated to comply with any industry or government mandated compliance frameworks (HIPAA, NIST, PCI, etc.)? If you take credit card payments or keep customer data and do not follow Federal regulations, you risk facing stiff fines and other penalties, not to mention the risk of damaging your company's reputation. What is more, these requirements are the bare MINIMUM a business must adhere to. They are not necessarily the recommended best practices.
- Do you have an employee security awareness program in place, and do your company leaders communicate the importance of participating in it? Attackers always find new ways to trick employees. Businesses need to educate their employees about what these tricks might look like.
- Do you have an enterprise Anti-Virus or EDR solution that is centrally managed and actively monitored? Active monitoring is key when it comes to timely incident response. It helps to make sure the platform is protecting all assets as expected.
- Do you have a documented data recovery plan that includes the priority in which data should be restored? Data recovery is not instantaneous. It is important to have a pre-determined recovery plan. Make sure your plan includes the priority in which systems are restored in the event of a wide-scale security or data loss incident.
- Do you have a process in place to ensure all assets are updated regularly and reviewed for misconfigurations or unapproved changes? If you do not have a repeatable process to address updates and changes, they might get missed.
- Is the use of “administrative” accounts limited to only those who need them, and only when they need to perform administrative functions? Reducing the use of administrative rights often decreases the likelihood of a successful compromise and reduces the impact if it does occur.
- Do you have a documented incident response plan, and when was the last time it was reviewed/practiced? Make the tough decisions before the emergency, and practice your plan to ensure it meets your expectations.
- Does your access rule design (file permissions, firewall rules, remote access, etc.) utilize the “least privilege” methodology? Limiting the amount of access individuals have to only what they need helps reduce the risk of accidental and intentional data loss.
- Are you following a “layered security” methodology? “Layered security” makes sure that access to critical data is protected by multiple methods to prevent and detect unauthorized access. No single solution is perfect, so using layers of protection increases the odds of preventing a compromise.
Do you have a question about cybersecurity? Contact our experts at 808-777-6027 or visit our website for more information.