As the leader of your staffing organization, the future wellbeing of the company rests on your shoulders, and that includes the security of your network, your data and your proprietary customer information. Here are six key questions you can use to open a discussion with your IT team about your current cybersecurity readiness.
1. Do we have a robust incident response capability in place?
What you want to hear: Yes, we have monitoring software that raises alerts, and possibly a third-party provider watching our systems around the clock, with the ability to quarantine or otherwise isolate a compromised machine.
Warning sign: No, we do NOT have anything in place to monitor anomalous or known bad activity on servers, workstations and laptops at all hours.
What can be done immediately: IT should consider deploying a next-generation endpoint detection and response (EDR) tool. This type of software is quick to deploy and provides visibility and alerts across servers, workstations and laptops, so the infected machine(s) can be quarantined and the extent of the disruption minimized.
2. Do we have a program to scan our network and applications for vulnerabilities?
What you want to hear: Yes, our company has a regular program in place to scan our network, applications, web services and networked devices, both from inside the network and from the internet.
Warning sign: No, we do NOT regularly scan our network, software applications and device configurations.
What can be done immediately: Ask IT to conduct a vulnerability scan as soon as they can to begin identifying and patching or otherwise remediating any high-risk and critical vulnerabilities. At a minimum, this should be done quarterly against internal assets and from an internet perspective.
3. Do we have good backups of critical systems, data and configurations?
What you want to hear: Yes, in case of a cyber event, our company has good backups of critical systems, data and configurations, and we have tested restoring from them. Copies are stored offsite or in the cloud and isolated from the production network, so an attacker who gets into the network cannot damage or delete them.
Warning sign: No, we do NOT have the ability to successfully restore operations from a backup, and/or backup files are onsite.
What can be done immediately: Confirm that all IT systems are included within the backup solution and test restores periodically so the backups are known to work when needed. Treat backup files as critical data: segment and isolate them from the rest of the network, and keep a full copy offsite that is inaccessible (for example, offline or write-once) to any ransomware or malware that breaks loose in your environment.
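The restore test described above is the part most organizations skip. As an added example that is not part of the original article, the script below shows the minimum a periodic test should do: take a backup together with a checksum manifest, restore it into a scratch directory, and compare every restored file against the manifest rather than trusting that the archive "exists". The sample data, file names and directory layout are constructed for the example; it assumes a POSIX shell with tar, mktemp and either sha256sum or shasum available.

```shell
#!/bin/sh
# Added example (not the article's own): an automated backup restore test.
# Assumptions: POSIX sh, tar, mktemp, and sha256sum (Linux) or shasum (macOS).
set -eu

# Pick a SHA-256 tool that supports "-c MANIFEST" checking.
if command -v sha256sum >/dev/null 2>&1; then
  HASHER="sha256sum"
else
  HASHER="shasum -a 256"
fi

# make_sample_data DIR: constructed stand-in for "production" data.
make_sample_data() {
  mkdir -p "$1/config" "$1/db"
  printf 'db_host=10.0.0.5\n' > "$1/config/app.conf"
  printf 'id,name\n1,alice\n2,bob\n' > "$1/db/customers.csv"
}

# take_backup SRC ARCHIVE MANIFEST: record a checksum of every file in SRC,
# then archive SRC. The manifest is what a later restore is compared against,
# so it should be stored with the same care as the archive itself.
take_backup() {
  src="$1"; archive="$2"; manifest="$3"
  ( cd "$src" && find . -type f | sort | xargs $HASHER ) > "$manifest"
  tar -C "$src" -cf "$archive" .
}

# verify_restore ARCHIVE MANIFEST: extract into a scratch directory and check
# every restored file against the manifest. Returns 0 only if all match.
verify_restore() {
  archive="$1"; manifest="$2"
  scratch=$(mktemp -d)
  tar -C "$scratch" -xf "$archive"
  if ( cd "$scratch" && $HASHER -c "$manifest" >/dev/null 2>&1 ); then
    rc=0
  else
    rc=1
  fi
  rm -rf "$scratch"
  return $rc
}

# restore_test: end-to-end run on the constructed data. Returns 0 when the
# backup restores and every checksum matches, 1 otherwise.
restore_test() {
  work=$(mktemp -d)
  make_sample_data "$work/prod"
  take_backup "$work/prod" "$work/backup.tar" "$work/backup.sha256"
  if verify_restore "$work/backup.tar" "$work/backup.sha256"; then
    echo "PASS: backup restored and all checksums match"; rc=0
  else
    echo "FAIL: restored files do not match the manifest"; rc=1
  fi
  rm -rf "$work"
  return $rc
}

# tamper_detected: the failure mode a real test must catch. A file is changed
# after the manifest was taken and the archive is rebuilt from the altered
# data (as ransomware or a bad disk would leave it). Returns 0 when the
# verification correctly reports a mismatch, 1 if the corruption slipped by.
tamper_detected() {
  work=$(mktemp -d)
  make_sample_data "$work/prod"
  take_backup "$work/prod" "$work/backup.tar" "$work/backup.sha256"
  printf 'corrupted\n' > "$work/prod/db/customers.csv"
  tar -C "$work/prod" -cf "$work/backup.tar" .
  if verify_restore "$work/backup.tar" "$work/backup.sha256"; then
    echo "FAIL: corrupted backup passed verification"; rc=1
  else
    echo "PASS: corrupted backup was detected"; rc=0
  fi
  rm -rf "$work"
  return $rc
}

# Run both checks when executed directly.
restore_test
tamper_detected
```

In practice the restore target would be an isolated test host rather than a temp directory, and the manifest would be kept with the offsite copy so that the check does not depend on anything an attacker on the production network could alter.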
4. Do we have an incident response plan for a cyber-attack?
What you want to hear: Yes, our company has a solid plan in place that has been tested, and our employees understand their roles and actions depending on the situation.
Warning sign: No, there is NO cyber-attack or overall incident response plan.
What can be done immediately: Identify whom your employees need to contact if a cyber incident is happening. Document the actions expected of each role during an incident and run tabletop exercises of the plan before a real event occurs. You may also want to consider a cyber 911 call service, that is, an incident response provider on retainer, which will focus the response activities on stabilizing the environment and beginning recovery.
5. Do we have an employee security awareness program?
What you want to hear: Yes, our employees are our first line of defense, and we have a continuous training and testing program in place, so our staff stays alert and vigilant.
Warning sign: No, our employees do NOT understand the extreme threat that phishing emails can pose to our company.
What can be done immediately: Phishing emails remain the easiest and most likely way for an attacker to get into your business to steal data, access your internal network or stage malicious software. IT or an outside vendor can build an internal program that trains employees to recognize suspicious emails in their inboxes, as well as suspicious instant messages, texts and calls, and to report them.
6. Do we have cyber insurance?
What you want to hear: Yes, we have a cyber insurance policy, we understand clearly what it does and does not cover, and we understand the carrier's role versus our own. For operational risks the policy does not cover, our company has taken other steps to manage them.
Warning sign: No, we do NOT have cyber insurance, or we have a policy but do not know what it covers.
What can be done immediately: An insurance broker can provide guidance on a policy and help you decide how much cyber risk you are willing to carry yourself. Ask specific questions about which losses are covered, including public relations, ransomware payments, incident responders and digital forensics, and about what the carrier requires of you, such as security controls that must be in place for a claim to be paid.