Bytagig Cybersecurity MINI Quiz

Take The Cybersecurity MINI Quiz!

Please fill in your information to start the quiz.

How does your company install software security updates?

No set process for identifying and fixing CVEs.

We have a 30-day backlog of patches we need to install.

We actively track CVEs and are currently up to date.

The security community is constantly discovering vulnerabilities in popular software products, which are then publicly announced as a Common Vulnerability and Exposure (CVE). So software companies are constantly issuing security patches” to address those CVEs. The longer it takes your IT team to install those patches, the longer you remain vulnerable to attackers who constantly search for and exploit CVEs wherever they find them.

Does your company have strong password policy and controls?

We have no policies or controls.

We have some policies but no controls.

We use a password manager to ensure password strength.

Strong password policies include requirements on the length of passwords (at least eight characters), characters (at least one number and one other mark), rotation (e.g., quarterly), prohibition of reuse. Strong password controls are the mechanisms you use to make sure that users’ passwords do in fact meet your criteria for strength, rotation, and non-reuse.

Does your company utilize multifactor authentication (MFA)?

We never use MFA.

We use MFA everywhere.

We use MFA for a few key systems.

MFA is the use of two or more factors to grant a user access to a resource. For example, in addition to requiring a password, a system may send a one-time numerical passcode to a user’s smartphone that they then have to type into a challenge screen. Or a system may require an additional biometric identifier such as a fingerprint or facial recognition.

How are access privileges revoked from terminated employees?

No set process for revoking privileges upon termination.

All privileges revoked completely and immediately.

IT is alerted and revokes privileges manually.

Your current employees have lots of access to your data and systems. So when you terminate an employee, it’s important to revoke all of those access privileges. This is especially true in the case of a disgruntled employee who may want to do harm to your company as an act of revenge—or one who goes to work for one of your competitors.

What’s your company’s backup plan?

We have good backup files and occasionally test them.

We regularly test our backups against recover time objectives (RTO).

We perform backups and that’s about it.

Your backup files can be your last line of defense against a costly, extended business interruption. But it’s not enough to just copy your files. You must ensure that you could actually restore those files successfully to production-readiness if you needed to. You must make sure you’re backing up the files you need as often as you need to. And you must make sure that hackers can’t get to those backup files at the same time as they attack the rest of your business.

Are you optimizing your risk profile for cyber insurance?

Our policy and premiums are based on our current posture.

We actively seek to qualify for the best coverage at the best price.

We do not have a true cyberinsurance policy.

Cyberinsurance provides vital financial protections from the consequences of a cyberattack or other technology-related business interruption. But due to unsustainable losses, insurers are adopting increasingly stringent underwriting policies. To qualify for the right coverage at the right price, organizations must therefore be able to demonstrate that they have taken steps to minimize their prospective insurer’s exposure to risk.

How do you make sure your firewall is optimally configured?

We’ve had some tests, but it’s been a while.

We never get penetration tests.

We test our firewall regularly, like clockwork.

Your firewall is a key component of your cyberdefense—ideally capable of blocking any unauthorized network traffic while not blocking any traffic that your people need to be productive. But it’s not easy to achieve that balance. Any hackers will take advantage of any gaps in your firewall protection. So smart companies regularly test their firewalls from the outside (penetration testing) to find gaps and fix them before the bad guys do.