Five cybersecurity posture questions for all organisations
1. If one of our computers is lost or stolen, whose privacy may be breached because of the data stored on that computer?
If you encrypt your computers' hard drives π’π―π₯ require strong passwords, then you significantly reduce the risk of a privacy breach if a computer is lost. If not, these are controls you should strongly consider. A password alone isn't sufficient.
2. Do we know what information is critical to our business? And what would we do if something catastrophic happened to it, like ransomware or a hacker deleting it?
Regular backups, where your critical data is copied to another safe location, offer protection against loss, theft, or destruction of your data. You should have a plan for everything your business relies on β even your data in the cloud.
3. Are all systems that contain data critical to our business protected with multi-factor authentication?
When you login to a system, if it doesn't require a second step after your password, then you're likely π―π°π΅ using multi-factor authentication. Anyone with your password, which may already be on the dark web, can access your data β putting you, your customers, your staff, and your business, at risk. Make sure you enable multi-factor authentication, and if your system doesn't support it, then consider finding an alternative that does.
4. Who has worked for us before that may still have access to our systems and data?
Even if they themselves aren't going to do anything nefarious with that access, it's another avenue where your data may be breached. Keep your risk exposure as low as you can by having a solid offboarding procedure, and periodically auditing who has access to all your critical data.
5. Do our staff know how to detect malicious emails and websites that may try and scam them?
Cybersecurity awareness training is often included at no cost in your cybersecurity policy. And if not, there are plenty of inexpensive and free training videos out there. Make sure to have your staff review these, at least annually, to stay up to date with the risks. Australian businesses are losing millions of dollars a year to scams β don't become a part of this statistic.
β
Organisations of all shapes and sizes are constantly being attacked, and often don't even know it. There are many more protections that are important, but start with the above, and you'll be in a much better place.
Need assistance assessing your cybersecurity posture? Reach out to us and letβs chat about how we can help.