Cyber Threats: 20 Questions You Must Ask to Protect Your Business
If the ‘new normal’ in 2020-21 was remote working, the ‘new normal’ for 2021-22 looks to be a blended work environment, with workers dividing their time between the home office and the workplace. If we’ve learnt one thing over the past fifteen months, it’s that cyber security is more challenging when staff work remotely. According to the National Crime Agency, ransomware attacks have increased dramatically in the UK this year, with attackers often gaining access to networks through phishing, remote desktop protocol services and VPNs.
Whether your workforce is remote, in-person or hybrid, cyber threats are on the increase for organisations of all sizes. With (we hope) the worst of the pandemic behind us, now is a good time to ask your IT department some simple questions about your existing cyber security arrangements.
Cyber Threats: questions you must ask your IT department
- What firewall are we using? Does it have up-to-date threat detection and prevention technologies?
- Is our system configured on the basis of least-access privileges?
- Are our remote users connecting to our network using a Virtual Private Network (VPN)?
- Are we running any out-of-date (unsupported) software? Out-of-date software can offer hackers a back door into your network.
- Is our email system encrypted? Unencrypted email is a frequent source of confidential information leaks.
- Do we have a password policy for our workers? Is it enforced?
- Do we require multi-factor authentication? If not, why not?
- Are we compliant with regulatory requirements for our industry?
- Is our sensitive data secure and backed up regularly?
- Do we regularly test our backups? A backup that’s never been tested puts your organisation at a significantly higher risk of failure in the event of a disaster.
- What percentage of our data is encrypted?
- What policies do we have in place to protect data from disgruntled or former employees?
- What is our policy regarding ‘bring your own device’ (BYOD) to work? How can we be sure that users’ devices are secure?
- What plans do we have in place to protect our data if an employee’s device is lost or stolen?
- Have we made sure our workers recognise the danger of opening links or attachments sent via email? Social engineering is becoming more sophisticated all the time. If it looks suspicious, it may be malicious.
- Have we educated our remote workers about the importance of setting a strong WiFi password on their home networks?
- Do our employees understand the risks of using public WiFi networks?
Cyber Breach Recovery
- Do we use an automated monitoring system to detect attacks in their infancy? This is a cost-effective solution that can thwart an attack before it gets serious.
- Do we have a disaster recovery strategy in place in case we become the victim of a malicious attack? When was it last renewed and updated?
- Do we understand our cyber threat risk level? Is it going up or down over time?
“Cyber threats will continue to be one of the most pressing concerns for organisations of all sizes,” says Intersys MD Matt Geyman. “If you do nothing else to protect against them, make sure you can respond confidently to the twenty questions on the list.”
If you need assistance with your cyber security needs, Intersys offers a range of cyber security services – from an audit right through to a Security Operations Centre – designed for organisations of all sizes. Contact us for a no-obligation chat.