Cyber threats are increasing each day, making it imperative for all types of businesses to take steps to ensure their data and networks are secure. As the owner of a business, you may have left these issues to the IT department; however, it’s a good idea to stay knowledgeable about the threats your company faces. You should also know what plans and methods the company’s IT department has in place.
As a part of the upper management of the company, or as an owner, you have to stay in the know when it comes to all aspects of your business, including cyber threats. While you may not be adept at tech issues, you can work with your IT department to make sure the company is doing everything possible to avert cyberattacks. Communication is the key.
We’ve put together five questions to help you in discussions with your IT team on how cyber threats and security are managed.
Five Questions to Ask Your IT Department
1). How do you let company leaders know about cyber risks?
Communications are important to all aspects of running a business. Departments and team members need to have open communications in order to keep the company functioning well. It’s the same between upper management and the IT department.
Upper management needs to stay informed and be informed about all types of cyber threats, weakness in the company’s network, and steps the IT department will take in the event of a cyber breach or other cyberattack.
As a company leader, it’s imperative you are informed on all aspects of the company’s cyber security. Regular meetings with the IT department can help keep you involved with important decisions and informed.
2). What type of cyber risks do we face? What plan do we have in place to address these risks?
These are two questions, but they’re related. In fact, cybersecurity involves more than just depending on a checklist. It depends on being aware of the current risks your company faces each day. This means it’s critical for your IT team to constantly monitor cybersecurity risks each day, at each level of the company.
You and the IT team need to sit down and evaluate which areas of the company are more prone to attacks, which data is the most sensitive, etc. Assess these risks and the possible outcomes in order to create the most strategic plan to keep the company going in the event of a cyber breach.
3). Are we following best practices and industry standards when it comes to cybersecurity?
Cybersecurity involves more than just identifying risks; it also involves following the best practices and industry standards to keep sensitive data safe. Does your IT department know and use best practices in managing cyber risks? Do you know if the department follows industry standards to protect the company’s information?
Asking this question will bring awareness to higher standards and methods needed to protect your company’s data across the board. It will also ensure that the company is taking proactive strategies to keep the company safe, while having a method in place to get back up and running in the case of a cyberattack.
This could involve having a written policy, which would serve as a guide for all cybersecurity measures and methods to be used for every day and in case of a security breach. A guide keeps everyone in the company informed on next steps, necessary communications, etc. Everyone will know what to do.
4). What types of cybersecurity threats do we face each week? What threats have been regularly identified?
The IT department should be able to create a report on the malicious threats the company has faced over the past weeks. Ask how many cyberattacks have been detected and what those threats were.
Your IT department should be regularly monitoring these threats and detect vulnerabilities in the company’s network. This means constant monitoring, analysation of data, etc. from different sources, then sharing this data with upper management on a regular basis.
This way, you’ll be sure the IT staff are busy protecting the company and keeping you informed so you can all work together to keep the company network safe from threats.
5). What is Our Cyber Threat Response Plan? Do We Test It? If So, How Often?
Ask about your company’s cyber threat response plan or if you have one. There should be a plan in place to alert management about regular threats, which can easily be monitored in real-time. In addition, staff should be in place to identify risks and threats.
Be sure to ask what happens if there is a breach. What is the plan? What happens if the supply-chain is interrupted? What happens if customer or vendor data has been jeopardised?
Also ask these questions:
- Do we have a backup plan? What data is backed up and how often?
- Do we have a recovery plan in place? If so, then what is that plan and how does it work?
- Do we test our cyber threat response? If so, then how often? What are the results?
Having a plan in place can help prevent attacks, or in the event of an attack, can help to minimise damage. Being prepared for a cyberattack is key.
The plan should be written down and accessible to everyone. This way, everyone will be informed and know what to do in case of a breach. Procedures should be developed to both protect the company and offer a way to recover if the worst happens.
Cyberthreats will continue to be a growing problem in the months and years ahead. As a business owner, or if you’re part of the upper management, then you need to stay informed about current and future threats and know how IT staff keep the company safe, and learn about their response plan in case of an attack.
Communication is key between you and the IT department. Asking these questions will keep you informed and help you work with the IT department to keep your company safe and secure.
12th December 2019
6th December 2019
1st December 2019