Executives often tell me that one of the hardest things about running a company these days is staying informed about the rapidly changing technology landscape. As businesses continue to digitize, executives across all industries are being asked to remain up to date with the latest digital opportunities, challenges and threats.
For many professionals, though, the task of communicating with an IT team about operational issues can seem daunting. Here are five important questions that you can ask your IT team to spark a productive conversation during your next meeting.
1. Is any cybersecurity awareness and education taking place?
Right now one of the biggest threats facing your business could very well be your own employees. In fact, 74 percent of companies believe they are vulnerable to insider threats. And 7 percent claim they are extremely vulnerable.
Ask your IT workers if they are doing anything to promote cybersecurity awareness. For instance, are they encouraging employees to update and use strong passwords, avoid suspicious links and websites and report nefarious-looking emails? You may want to consider starting a cybersecurity newsletter, or consulting with a third-party managed services provider about cybersecurity training.
2. Have you tested your DR system?
You may already have a disaster recovery (DR) system in place for backups and failover in the event of an unexpected network crash. But how effective — and affordable — is this system? Just recently, a hospital in Indiana was hit with ransomware that cascaded through its network, infecting and locking a large number of files. The hospital had a backup system available, but it was actually faster and more affordable to take a risk and pay the ransom to get their information back than it would have been to use it. Find out how effective your DR system is, how much it would cost to operate and whether it’s worth making improvements or adding third-party support.
3. Do you have a plan in place in case you get hacked?
A cyberattack can happen at any time, and with no warning. And when it happens, it’s important not to panic. If you have a plan in place, the situation will be much easier to deal with. Keep in mind that a cyberattack could impact any area of your business, so department heads should coordinate to form strategies and procedures to use in various hacking situations.
4. Are all of your systems patched?
Your IT team should be able to account for every device and system that is accessing your network on a daily basis. All company systems should be regularly patched with the latest security updates. You will also want to ask about personal devices, and find out what measures are being taken to prevent insecure devices from threatening the network.
5. How can we improve efficiencies?
One of the best ways to improve your data center is to identify wasteful practices. Your IT workers know your data center better than anyone else, and will be able to tell you what is holding the department back, what is worth trying to improve and how you can save money. As a group, try to find ways to lower your maintenance and operational costs.
Remember: Communication is one of the most important elements of a strong cybersecurity culture.
Here are some of the areas all organizations looking to promote a cybersecurity culture need to focus on.
1. Cybersecurity training must be done regularly.
2. Auditing and documentation must be performed regularly to ensure systems are secure.
3. Anomaly detection should be running constantly to detect threats as they emerge.
4. Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two companies’ reputations from being destroyed.
5. Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.
6. An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched its response in what is being called a PR catastrophe.
To ensure your organization is safe, even if you have internal IT, hire an experienced MSP or MSSP like Apex Technology Services.