Cybersecurity Awareness Checklist

Most companies still treat their backup/disaster recovery and security separately. In years gone by, viruses were an epic drain on productivity, but now these cyber incidents are crimes. Some companies implementing their ‘disaster plans’ could actually put the organization in more danger.

The language around these cyber events or incidents tends to downplay the significance of our current environment. The verbiage seems to allude to, or paint a picture of, an ‘event’ whose start is obvious to everyone. According to the annual Data Breach Incident Report evaluating 1,037 small to medium business cyber breaches, 93% of the breaches were financially motivated. In 80% of these financially motivated attacks, the report categorizes the threat actors as Organized Crime. Further, the report shows that 40% of these financial breaches took weeks to discover and another 40% took months to discover.

Here is a cybersecurity checklist to help assess your company’s security posture. If your workforce is remote or hybrid, these items are all the more important!

❑ Are your employees trained in doing the basics to prevent breaches?

❑ Are you guarding your employees against different phishing attacks? Hacking incidents are up 400+% since the COVID-19 crisis began, and social engineering is responsible for most of these.

❑ Are strong passwords and username protections and two-factor authentication required?

❑ Is your sensitive information safeguarded? Is sensitive data encrypted and are proper protocols in place?

❑ Have you deployed a firewall? Most ISP-provided devices have the exact same passwords.

❑ Have you mandated two-factor authentication and VPNs for remote use?

❑ Are employee WiFi connections separate and secure? Do employees understand that there should be no use of public WiFi connections?

❑ Have all remote platforms and applications been approved by your IT/Security team?

❑ Is there visibility into remote worker activities by your IT/Security team?

❑ Do employees understand that work use should be kept separate from personal use for laptops, PCs, and smartphones?

❑ Do you encrypt where possible?

❑ Do you have a regular data backup system which includes business continuity?

❑ Is there a policy of ‘Zero Trust’ and limited, authorized-only access? Managing access is a key requirement for any cybersecurity policy.

❑ Do you communicate regularly with leadership on security threats and options?

❑ Do you have an incident response plan for the next unexpected event?

If you are unable to check all of these boxes, Hybrid IT Group can help. We meet with companies each week.

Schedule an appointment today
