Cyber Security Questions Every Business Should Be Asking

Following several recent high-profile cyber attacks, it is more critical than ever for organizations to evaluate their cyber defenses and ask themselves a number of basic cyber security questions to assess their vulnerability.

Each year brings new technological developments that improve people’s lives. Unfortunately, these advances also mean new cyber security threats and more attack surfaces.

However, dwindling resources, slow budget growth, increasingly hostile threats, the evolution of the Internet of Things, and expanding ransomware are major reasons why it is becoming more difficult to keep up with the changing threat landscape. Such reasons highlight the need for renewed organizational attention to cyber security. Is your organization vulnerable to a breach or cyber attack? Here are some of the cyber security questions every business should be asking.

• Are Your Employees Required to Have a Strong Password?
  Weak passwords are the cause of more than half of all data breaches, yet just 24% of small businesses enact policies requiring employees to have a strong password. It is critical to have a strict password policy in place to protect your network.
• And… Are Your Employees Required to Change Their Passwords Regularly?
  Employees must be required to change their passwords regularly to protect data. Nearly 65 percent of businesses do not strictly enforce their password policy, despite having one in place.
• Does Your Business Use Two-Factor Authentication, Where Possible?
  Wherever possible, you should add an additional layer of data security by enforcing two-factor authentication, such as SMS authentication.
• Do Your Employees Use Their Personal Smartphones for Work Purposes?
  When personal phones and devices are used on the office network, the chances of malware attacks increase significantly. To prevent data theft, give your employees passcode-protected work phones.
• Do You Back Up Your Files?
  Confidential files can become completely inaccessible following a cyber attack. Make sure to keep local backups of all critical files, as well as an offsite server.
• Does Every Company Device Have Antivirus and Malware Software Installed?
  Make sure that the most up-to-date versions of antivirus and malware software are installed and running properly on all organizational devices.
• Do You Limit the Number of Employees with Administrative Access to Only Those Who Need it?
  Administrative access rights should be assigned sparingly and given only to those employees who absolutely need it to conduct their jobs. Employees who are granted admin access must be trained and well-educated on security issues.
• Do You Encrypt Databases and Customer Information?
  Without encryption, your organization’s sensitive data and customer information is accessible to hackers. To reduce the vulnerability of your data, take steps to ensure all your information is encrypted.
• Are Your Employees Trained in Recognizing Phishing Emails?
  It can be particularly difficult for employees to identify phishing emails, which account for nearly half of all cyber attacks. It is crucial that every business train their employees to not respond to suspicious emails.

Is your organization prepared to handle a cyber attack? Are you looking for ways to strengthen your organization’s cyber security? IEEE offers both cyber security and ethical hacking training to help organizations prepare. Learn more about organization pricing and request a quote here.

References:

Bose, Shubhomita. (2017, August 28). 11 Cyber Security Questions Every Small Business Should Ask. Small Business Trends.

Gillin, Paul. (2017, January 30). Two-Factor Authentication: A Little Goes a Long Way. IBM Security Intelligence.

IEEE Cybersecurity Vulnerability Navigator, 2017.

Lindros, Kim. (2016, September 7). A Small Business Guide to Computer Encryption. Business News Daily.