Is Your Business Safe From Online Attacks?

In today's digital landscape, cybersecurity is not just a concern; it's a necessity. Is your business prepared to defend itself against online threats?

Take our quick and insightful quiz to find out!

Our quiz will help you:

Discover Your Cybersecurity Readiness

Cybersecurity is a critical aspect of running a successful business. Data breaches, ransomware attacks, and phishing scams are on the rise, targeting organizations of all sizes. Are you confident that your business is safeguarded?

How It Works:

Take The Cybersecurity Quiz!

Cybersecurity Quiz

Disclaimer: This guide is not a substitute for a rigorous technical analysis of your network, systems, user behaviors, and cyberdefenses. However, your answers to the 20 carefully selected questions in this guide should quickly help you understand where you can most likely benefit from an investment in better risk management.

Please fill in your information to start the quiz.

How does your company install software security updates?

The security community is constantly discovering vulnerabilities in popular software products, which are then publicly disclosed under a Common Vulnerabilities and Exposures (CVE) identifier. Software vendors respond by issuing security patches to address those CVEs. The longer it takes your IT team to install a patch, the longer you remain exposed to attackers, who scan for unpatched CVEs and often begin exploiting newly disclosed ones within days. Prioritize patches for internet-facing systems and for vulnerabilities known to be exploited in the wild, and keep an inventory so you know which systems are still waiting.

Does your company have a strong password policy and controls?

A strong password policy sets requirements on length (at least eight characters as an absolute floor; longer passphrases are better), composition (for example, at least one number and one other mark), rotation (for example, quarterly), and prohibition of reuse. Strong password controls are the mechanisms that enforce those criteria, so that users’ passwords do in fact meet them. Note that current NIST guidance (SP 800-63B) favors long passwords screened against lists of known-breached passwords over mandatory composition rules and calendar-based rotation; under that guidance you force a change when a compromise is suspected rather than on a schedule.
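The controls side of the question, as an added example that is not part of the original quiz: a policy check (length, composition, breached-list screening) plus a non-reuse check against a per-user history of salted scrypt hashes. The thresholds, the tiny breached-password denylist and the sample passwords are all constructed for illustration.

```python
"""Password policy controls: length, composition, breached-list screening,
and rejection of reuse against a salted hash history. Added example; the
policy thresholds and the denylist below are illustrative assumptions."""
import hashlib
import os
import re

MIN_LENGTH = 12          # assumption: stricter than an eight-character floor
HISTORY_DEPTH = 5        # assumption: remember the last five passwords

# Constructed denylist standing in for a real breached-password corpus.
BREACHED = {"password1!", "welcome2024!", "summer2024!"}


def _hash(password, salt):
    """Memory-hard hash so a stolen history cannot be brute-forced cheaply."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def check_policy(password):
    """Return the list of policy violations (an empty list means compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not re.search(r"\d", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    if password.lower() in BREACHED:
        problems.append("appears in breached-password list")
    return problems


class PasswordHistory:
    """Per-user history of (salt, hash) pairs used to enforce non-reuse."""

    def __init__(self):
        self._entries = []

    def is_reused(self, password):
        # Every historical entry has its own salt, so re-hash once per entry.
        return any(_hash(password, salt) == digest for salt, digest in self._entries)

    def set_password(self, password):
        """Apply the policy and the reuse check; on success record the new hash."""
        problems = check_policy(password)
        if self.is_reused(password):
            problems.append("matches one of the last %d passwords" % HISTORY_DEPTH)
        if problems:
            return problems
        salt = os.urandom(16)
        self._entries.append((salt, _hash(password, salt)))
        del self._entries[:-HISTORY_DEPTH]   # keep only the most recent N
        return []


if __name__ == "__main__":
    history = PasswordHistory()
    print(history.set_password("correct horse 7 battery!"))   # [] -> accepted
    print(history.set_password("correct horse 7 battery!"))   # rejected as reuse
    print(check_policy("Password1!"))                         # too short and breached
```

The reuse check deliberately keeps a separate random salt per stored hash; a single shared salt would let an attacker who stole the history test one guess against every entry at once.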

Does your company utilize multifactor authentication (MFA)?

MFA requires two or more independent factors (something the user knows, has, or is) before granting access to a resource. For example, in addition to requiring a password, a system may send a one-time numerical passcode to the user’s smartphone, or have an authenticator app generate one, which the user then types into a challenge screen. Or the system may require a biometric identifier such as a fingerprint or facial recognition. Codes delivered by SMS are the weakest form, since attackers can phish them or hijack the phone number; authenticator apps are stronger, and FIDO2/WebAuthn hardware keys resist phishing altogether because the response is bound to the legitimate site.
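How the one-time passcode in that example is actually produced and checked, as an added example rather than code from the quiz: a time-based one-time password (TOTP, RFC 6238) is an HMAC over the current 30-second time step, keyed with a secret shared between the authenticator and the server. The secret used here is the RFC 6238 Appendix B test-vector key, so the outputs can be checked against the published vectors; the drift window is an assumed server policy.

```python
"""TOTP (RFC 6238) built on HOTP (RFC 4226), both sides of the exchange.
Added example; the secret is the RFC 6238 test key, not a real credential."""
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"   # RFC 6238 Appendix B test key (SHA-1 vectors)
STEP = 30                          # seconds per time step
DIGITS = 8                         # the RFC test vectors use 8-digit codes


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226: HMAC-SHA1 over the big-endian 64-bit counter, then dynamic
    truncation to a 31-bit integer, reduced to the requested number of digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=STEP):
    """Authenticator side: the counter is the number of whole steps since epoch."""
    return hotp(secret, unix_time // step)


def verify(secret, submitted, unix_time, window=1):
    """Server side: accept the code for the current step and +/- `window`
    neighbouring steps to tolerate clock drift (assumed policy), comparing in
    constant time so the check itself does not leak digits through timing."""
    counter = unix_time // STEP
    return any(
        hmac.compare_digest(hotp(secret, counter + delta), submitted)
        for delta in range(-window, window + 1)
    )


if __name__ == "__main__":
    for t in (59, 1111111109, 1234567890):
        print(t, totp(SECRET, t))   # 94287082, 07081804, 89005924 per RFC 6238
```

A real deployment also records the last accepted counter per user so a code cannot be replayed within its window, and rate-limits attempts, since an 8-digit code is only 10^8 possibilities.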

How are access privileges revoked from terminated employees?

Your current employees have broad access to your data and systems. So when you terminate an employee, it’s important to revoke all of that access promptly, including accounts in cloud and SaaS applications, VPN and remote-access credentials, API keys, and any shared passwords they knew, which should be rotated. This is especially important in the case of a disgruntled employee who may want to harm your company as an act of revenge, or one who goes to work for a competitor.

What’s your company’s backup plan?

Your backups can be your last line of defense against a costly, extended business interruption. But it’s not enough to just copy your files. You must confirm, by actually performing test restores, that you could bring those files back to production-readiness if you needed to. You must make sure you’re backing up the files you need as often as you need to. And you must make sure that attackers can’t reach those backups at the same time as they attack the rest of your business, which in practice means keeping at least one copy offline or immutable and not reachable with the same credentials as your production systems.

Are you optimizing your risk profile for cyber insurance?

Cyber insurance provides vital financial protection from the consequences of a cyberattack or other technology-related business interruption. But due to unsustainable losses, insurers are adopting increasingly stringent underwriting policies. To qualify for the right coverage at the right price, organizations must therefore be able to demonstrate that they have taken steps to minimize their prospective insurer’s exposure to risk; underwriters commonly ask about controls such as MFA, tested backups, and endpoint detection.

How do you make sure your firewall is optimally configured?

Your firewall is a key component of your cyberdefense, ideally blocking all unauthorized network traffic while not blocking any traffic that your people need to be productive. That balance is not easy to achieve, and rules accumulate over time. Attackers will take advantage of any gap in your firewall protection. So smart companies regularly review their rulesets and test their firewalls from the outside (external scans and penetration testing) to find gaps and fix them before the bad guys do.

Does your company segment administrative privileges?

The administrators of your IT systems (sysadmins) hold the most far-reaching privileges in your organization, and they need those privileges to perform their everyday technical tasks. But if an attacker obtains sysadmin credentials, which they invariably try to do, they can do virtually unlimited damage. That’s why it’s essential to limit the damage by making sure no single administrative credential grants access to everything: give admins separate accounts for administrative and everyday work, scope each admin account to the systems it actually manages, and where possible grant elevated rights only for the duration of a task.

How does your company detect and stop digital intruders?

Getting hacked or phished doesn’t have to spell disaster for your company IF you can detect and interdict malicious activity inside your network before the intruder reaches your most valuable data and systems. But to do that, you must have a reliable way of detecting indicators of suspicious activity in your environment, such as bursts of failed logins, logins from unusual locations, or newly created administrative accounts. And you must be able to respond to such detections quickly and decisively.
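One concrete indicator of the kind the question is asking about, as an added example rather than the quiz’s own tooling: a detector that reads authentication log lines and alerts when a single source address fails to log in repeatedly within a short window and then succeeds, the classic brute-force-then-login pattern. The log format is sshd-style, the sample lines are constructed, and the threshold and window are assumed tuning values.

```python
"""Brute-force-then-success detection over constructed auth-log lines.
Added example; log format, sample data, threshold and window are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)
THRESHOLD = 5        # this many failures ...
WINDOW = 120         # ... within this many seconds, followed by a success

# Constructed sample: one noisy source that eventually gets in, and one
# legitimate user who mistypes a password once.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 4410 ssh2
2024-05-01T10:00:03 sshd[812]: Failed password for root from 203.0.113.7 port 4411 ssh2
2024-05-01T10:00:05 sshd[813]: Failed password for root from 203.0.113.7 port 4412 ssh2
2024-05-01T10:00:09 sshd[814]: Failed password for alice from 198.51.100.2 port 5001 ssh2
2024-05-01T10:00:12 sshd[815]: Accepted password for alice from 198.51.100.2 port 5002 ssh2
2024-05-01T10:00:14 sshd[816]: Failed password for root from 203.0.113.7 port 4413 ssh2
2024-05-01T10:00:20 sshd[817]: Failed password for root from 203.0.113.7 port 4414 ssh2
2024-05-01T10:00:31 sshd[818]: Accepted password for root from 203.0.113.7 port 4415 ssh2
"""


def parse(line):
    """Return (timestamp, result, user, ip) for an auth line, or None if it is
    not a password-authentication event."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"])


def detect(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return alerts as (ip, user, failures_in_window) for every successful
    login preceded by at least `threshold` failures from the same IP inside
    `window` seconds. Lines are processed in order, as a streaming detector would."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        q = recent[ip]
        while q and (ts - q[0]).total_seconds() > window:
            q.popleft()           # expire failures older than the window
        if result == "Failed":
            q.append(ts)
        elif len(q) >= threshold:
            alerts.append((ip, user, len(q)))
            q.clear()             # one alert per burst
    return alerts


if __name__ == "__main__":
    for ip, user, n in detect(SAMPLE_LOG):
        print("ALERT: %s logged in as %s after %d failures" % (ip, user, n))
```

The same sliding-window shape works for other sources (VPN, web login, cloud console); what changes is the parser and the choice of key, for example user rather than IP when hunting for password spraying across many accounts.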

How does your company view security and cybercompliance?

In an increasingly tech-centric world fraught with risk, effective security and cybercompliance are as central to an organization’s performance as its human capital, its intellectual property, its go-to-market strategy, or its financial management. That’s because security and compliance failures can permanently alienate customers, destroy brand reputation, trigger regulatory penalties, and significantly diminish a company’s valuation in the eyes of investors.

Do you have a Chief Security Officer?

Effective cyberrisk management requires more than just installing some security tools. It requires strategic leadership, whether a Chief Security Officer or an equivalent accountable executive, to ensure that your security budget is being allocated wisely, that technology-related risks are proactively factored into executives’ business decisions, and that your organization’s security and cybercompliance posture is subject to the discipline and accountability needed for continuous improvement.

Do you have an incident response (IR) plan?

Despite all your precautions, your organization may still get hit by ransomware or some other type of cyberattack. But you can significantly reduce the short- and long-term impact of such incidents by responding quickly and decisively. Your IR plan needs to encompass more than just restoring data from backups. It has to include pre-rehearsed processes for identifying and neutralizing the attack, communicating with employees via alternative channels (since email and chat may themselves be compromised), and making appropriate and timely disclosures to customers and regulators. Plans that have never been exercised rarely work; run tabletop exercises against realistic scenarios.

How do you secure remote work and WFH employees?

Organizations increasingly depend on remote workers. Some of them are salespeople, field service workers, and other road warriors who need to stay productive wherever they are. Others are the new generation of work-from-home (WFH) workers who only come into the office when they need to. Any organization seeking to attract the best talent, and to keep that talent productive even if extreme weather or a natural disaster keeps them from coming to the office, therefore needs to safely enable remote work. In practice that means managed and patched devices, MFA on every remote entry point, and access through a VPN or zero-trust gateway rather than internal services exposed directly to the internet.

Have you implemented special protections for special data?

Everything in your organization, from the files on employee laptops to the applications you use in the cloud, holds data. But not all data is created equal. The flier announcing your next company picnic is not the same kind of data as the HR file where you keep your employees’ Social Security numbers and ACH banking instructions. An effective risk mitigation strategy classifies data and treats each class appropriately in terms of access controls, encryption, backup, retention, and other cybersecurity measures.

How does your company address cybercompliance mandates?

Just about every company is subject to mandates regarding the way it manages data. For companies that handle credit cards, that mandate is PCI DSS (a contractual standard imposed by the card brands rather than a law). For healthcare, it’s HIPAA. For financial services, it’s SEC rules and the FTC Safeguards Rule. Compliance with these mandates requires that companies implement specific types of cybercontrols. Compliance also requires that companies be able to document their implementation of those controls to auditors.

Do your employees email sensitive information “in the clear?”

Business email compromise (BEC), in which an attacker takes over or impersonates a corporate mailbox, is a common occurrence, and everything sent or received in plain text through a compromised mailbox is exposed to the attacker. That is just one reason your employees should never transmit sensitive data such as Social Security numbers and banking information as plain text in unencrypted email. Organizations can prevent this from happening by combining employee training, email encryption, recipient authentication, and data loss prevention (DLP) technologies that inspect outbound mail for sensitive content before it leaves.
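What a DLP content check does at the outbound gateway, as an added example rather than the quiz’s own tooling: scan the message body for US Social Security numbers and ABA bank routing numbers, validating each match structurally (SSN area/group/serial rules; the ABA mod-10 weighted checksum) so that ticket numbers and other nine-digit strings do not trigger false positives. The sample message is constructed; the routing number in it is a real, publicly listed one used only to exercise the checksum.

```python
"""Outbound-mail DLP check for SSNs and ABA routing numbers in plaintext.
Added example; the sample message is constructed for illustration.
Structural rules applied: SSN area is not 000, 666 or 900-999, group is not
00, serial is not 0000; ABA routing number satisfies
3*(d1+d4+d7) + 7*(d2+d5+d8) + (d3+d6+d9) == 0 (mod 10)."""
import re

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
ROUTING_RE = re.compile(r"\b\d{9}\b")


def is_valid_ssn(area, group, serial):
    """Reject SSNs that the SSA never issues, to cut false positives."""
    a = int(area)
    return not (a == 0 or a == 666 or a >= 900 or group == "00" or serial == "0000")


def is_valid_routing(number):
    """ABA routing-number checksum over the nine digits."""
    d = [int(c) for c in number]
    total = 3 * (d[0] + d[3] + d[6]) + 7 * (d[1] + d[4] + d[7]) + (d[2] + d[5] + d[8])
    return total % 10 == 0


def scan_message(body):
    """Return a list of (kind, matched_text) findings; empty means clear to send."""
    findings = []
    for m in SSN_RE.finditer(body):
        if is_valid_ssn(*m.groups()):
            findings.append(("ssn", m.group(0)))
    for m in ROUTING_RE.finditer(body):
        if is_valid_routing(m.group(0)):
            findings.append(("routing_number", m.group(0)))
    return findings


def redact(body):
    """Mask every finding so the rest of the message can still be delivered."""
    for kind, text in scan_message(body):
        body = body.replace(text, "[REDACTED " + kind.upper() + "]")
    return body


# Constructed sample message: one SSN, one valid routing number, and a
# nine-digit ticket number that fails the ABA checksum and must not be flagged.
SAMPLE = ("Hi, new hire paperwork: SSN 123-45-6789, direct deposit to routing "
          "021000021 account 998877. Ticket 123456789 is unrelated.")

if __name__ == "__main__":
    print(scan_message(SAMPLE))
    print(redact(SAMPLE))
```

In production the same scan runs on attachments and on the decoded body of every MIME part, and a match should either block the message or force it through the organization’s encrypted-mail path rather than silently dropping it.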

How are you managing your physical security?

Cybersecurity isn’t just about keeping criminals from hacking you over the internet. It’s also about keeping them from getting to your sensitive data and critical systems by more ordinary means, such as simply sticking a thumb drive into an open USB port or walking out with an unlocked laptop. To maintain physical security, organizations must control physical access with the same rigor as they do digital access: lock server rooms and wiring closets, log who enters them, disable or restrict unused USB ports, and encrypt laptop disks so a stolen device does not become a breach.

How are you securing your use of the cloud?

Cloud-based applications and services offer compelling value by allowing your organization to acquire new digital capabilities without the additional capital and operational expenses associated with deploying more IT infrastructure internally. But under the shared responsibility model, your cloud providers secure the underlying infrastructure only. Your identities, access permissions, configuration, and data remain your responsibility, as does demonstrating compliance.

Do you subject your vendors to cybersecurity requirements?

Once cyberattackers succeed in compromising one organization, they often use that beachhead to launch attacks on adjacent organizations through trusted connections, shared credentials, and business email. So if you do business with companies that are lax when it comes to cybersecurity, they are putting you, and your customers, at risk every day. The solution, of course, is to set minimum standards for your vendors, scaled to the access and data you give them, and to require documentary evidence that they are in fact meeting those standards, such as a SOC 2 report, an ISO 27001 certificate, or completed security questionnaires.

How does your company train users to resist “phishing” attacks?

Cybercriminals commonly penetrate an organization’s cyberdefenses by tricking users with fake emails, text messages, and deceptive phone calls (“phishing”). One of the most important ways organizations protect themselves against these social-engineering tactics is to train their users in best practices for safe computing and to give them an easy way to report suspicious messages. The safest organizations also run simulated phishing campaigns against themselves to see whether the training has been effective, tracking both how many users click and how many report.

Apply for a FREE Vulnerability Scan

Let our cybersecurity experts check your business IT for threats

Our security experts will assess your IT systems and infrastructure and provide practical recommendations to thwart attacks and improve cybersecurity for your business.