Your network could be leaking data as you are reading this and you would not even know about it. In the past, security was only thought about when something big happened, such as when Target had millions of credit cards stolen. Many companies read the news about Target and then brushed it aside, thinking it would never happen to their organization. They weren’t like Target, or they didn’t have the exposure that Target had due to their size. Did you know there are things called bots that are automatically searching the entire Internet for vulnerabilities? They do not care how big you are; they are looking for holes. Can your network stand up to the growing, changing and constant “testing of the castle walls” time after time?

In the past several years, I have noticed that business leaders are asking questions about the organization’s security stance, instead of thinking they were immune. It is great that questions are being asked, but are they asking the right questions and asking them on a consistent basis? A CEO will check in with the sales or the support team to find out how their month or quarter is going and will know the right questions to ask. Why not know the right questions to ask your IT department? Technology can make or break your organization. Companies have lost out to their competition because they did not embrace the importance of technology as a business enabler, let alone secure the technology properly.

To help you get started, here are five questions to ask your IT department. These questions can then be built on depending on the answers. If any of these items cannot be answered easily, then you know where you have to start in creating a more secure environment. Make sure to get the answers in a written format. This will help in the future.

Five Questions

  1. Do we have a formal security program in place? Please present me with a formal copy of our organization’s security program including all policies, training and plans.
  2. How often do we perform a security assessment internally? How often is a security assessment performed by a third party?
  3. Do we have a formal employee security training program in place? Please present me with our employees’ security training program.
  4. Please list the hardware and software we have in place to mitigate our security risk. Is this kept up to date?
  5. Are we proactively looking at our security infrastructure on a constant basis? How often does this happen? What types of logs/reports are we looking at?