3 Cybersecurity Questions Business Leaders Should Ask Their IT Team

Contributor: Joe Malott

Cyberattacks are a threat to businesses of all sizes. In many organizations, the owner, president, CEO, or CFO has the difficult responsibility of overseeing the IT department (or working closely with the IT vendor). We understand this can be challenging. Your role is focused on business strategy, yet you have to ensure your company data and customer data are secure.

While you may not be adept at tech issues, you can work with your IT team to make sure the company is doing everything possible to prevent cyberattacks. Communication is the key. Below are three questions to ask your IT team so you can be confident when reporting to your board or company executives about the security of your company’s data, and your role in overseeing IT.

1. How susceptible are our employees to a phishing attack?

A phishing attack is a form of social engineering that cybercriminals use to deceive users and exploit weaknesses in your network security. These attacks often come in the form of an email and look very real, but they lead to malicious downloads that could hold your data for ransom.

Additionally, what is our plan to reduce our vulnerability?

Of the organizations and companies we have worked with to determine their overall vulnerability, we have found that while their initial test results may show a high level of vulnerability, there are proven, quick and efficient ways to train and educate employees to spot cybersecurity threats. The bottom line is, your company can purchase the most advanced firewalls and security software there is, but one wrong click could result in all of the data on your network being hijacked by a ransomware virus.

Find out what percentage of your employees are phish-prone by requesting our phishing cybersecurity assessment. Contact us today to facilitate your phish-prone assessment and see how your organization compares to others in your industry.

2. What is our password policy?

It doesn’t take an IT whiz to figure out that the more complex your passwords are, the more difficult they are to crack. While at least having a password policy is great, having a complex password policy is preferred. We recommend your complex password policy includes, but is not limited to:

  1. Change passwords regularly – at a minimum, every 90 days.
  2. Set a minimum password length – for example, 14 characters.
  3. Require special characters and capital letters.

PRO TIP: Consider implementing a policy that recommends that employees use “passphrases” rather than passwords as they can be more complicated to crack, but easier for the employee to remember.

Don’t be afraid to ask these questions to get a better understanding of how your company is currently handling the cybersecurity threat. Even if you are not directly responsible, if there is ever a cybersecurity attack on your company, someone will pay for it – figuratively, and literally. We want you to be prepared, so you can take comfort knowing that if (or grimly, when) the day comes, at least you can say you and your employees did everything you could.

You may not be an IT expert, but having a good understanding of your company’s cybersecurity policies doesn’t take years of IT experience; it just takes asking the right questions and ensuring the work is being done.

3. When was our last software update and patch?

It is critical to keep all of your computers’ software and patches as current as possible. I know what you are thinking – that is great, but what is a patch? Software companies, such as Microsoft, constantly release software security updates and “patches” that need to be applied to the computers on your network to keep them as secure as possible. When your patches and software are not up to date, you are significantly more vulnerable to viruses and malware.

PRO TIP: Request regular patch reports that you can keep on file should you ever be in a situation in which you need to prove your software is up to date. It is a simple way for you to be sure your team is updating all computers on the network regularly, and these reports may also come in handy when negotiating cybersecurity insurance.
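A patch report of the kind the PRO TIP asks for is, at its core, a list of machines with the date of their last successful update and a count of what is still pending. The following is an added example (not code from the original post or from any product it mentions) that reads such an inventory and flags the hosts that need attention. The CSV layout, hostnames, dates, and the 30-day "too old" threshold are all constructed assumptions for this example; the post itself only says "regularly".

```python
"""Added example: turn a patch inventory export into a report worth keeping on file."""
import csv
import io
from datetime import date, datetime
from typing import Dict

# Constructed sample export (hostname, last successfully installed update,
# updates still pending). The column layout is an assumption for this example.
SAMPLE_INVENTORY = """hostname,last_patch_date,pending_updates
FIN-LAPTOP-01,2024-03-28,0
FIN-LAPTOP-02,2024-01-15,6
HR-DESKTOP-03,2024-03-30,0
FILE-SERVER-01,2024-02-02,2
"""


def patch_findings(inventory_csv: str, today: date,
                   max_age_days: int = 30) -> Dict[str, str]:
    """Return {hostname: reason} for every machine that fails the patch check.

    A host fails when its last update is older than `max_age_days` (assumed
    threshold) or when any updates are still pending.
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        last = datetime.strptime(row["last_patch_date"], "%Y-%m-%d").date()
        age = (today - last).days
        pending = int(row["pending_updates"])
        reasons = []
        if age > max_age_days:
            reasons.append(f"last patched {age} days ago")
        if pending:
            reasons.append(f"{pending} updates pending")
        if reasons:
            findings[row["hostname"]] = "; ".join(reasons)
    return findings


def patch_report(inventory_csv: str, today: date, max_age_days: int = 30) -> str:
    """Render a dated, human-readable report suitable for filing or for an insurer."""
    rows = list(csv.DictReader(io.StringIO(inventory_csv)))
    findings = patch_findings(inventory_csv, today, max_age_days)
    compliant = len(rows) - len(findings)
    lines = [f"Patch report as of {today.isoformat()}",
             f"{compliant} of {len(rows)} hosts compliant "
             f"(patched within {max_age_days} days, nothing pending)"]
    for host, reason in sorted(findings.items()):
        lines.append(f"  NEEDS ATTENTION  {host}: {reason}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(patch_report(SAMPLE_INVENTORY, date(2024, 4, 1)))
```

Producing this from the IT team's real inventory on a fixed schedule gives the leader a dated paper trail, which is exactly what the PRO TIP says to keep on file.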

Bonus. Where and how do we back up critical data and how do we restore it?

Have you ever thought about what course of action you would take should your data become compromised? It’s an important matter that is often overlooked. In the event of a ransomware attack or disaster, have you considered where your data is and how you can recover it? Many organizations have a good backup and recovery solution in place but fail to test it regularly. Checking that the backup job reported “success” is not good enough. Recovery of backup data needs to be tested regularly so that if (or more likely when) you need it, the data can be restored as quickly and efficiently as possible, with as little downtime for the organization as possible.

PRO TIP: Having a business continuity and disaster recovery plan in place will protect your business from catastrophic data loss.
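The difference between "the backup ran successfully" and "the backup can be restored" is what a restore test measures. The following is an added example (not code from the original post or from any product it mentions) of the minimum such test: back files up together with a checksum manifest, restore them into a scratch location, and compare every restored file against the manifest. The sample files and the simulated corruption are constructed for the example.

```python
"""Added example: a backup with a checksum manifest and a restore test that verifies it."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

MANIFEST_NAME = "manifest.json"


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_backup(source: Path, backup: Path) -> Dict[str, str]:
    """Copy every file under `source` into `backup` and record the original's hash."""
    manifest = {}
    for file in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = file.relative_to(source).as_posix()
        dest = backup / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(file, dest)
        manifest[rel] = sha256_of(file)  # hash the ORIGINAL, so the copy is checked later
    (backup / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))
    return manifest


def restore_and_verify(backup: Path, restore_to: Path) -> List[str]:
    """Restore into `restore_to` and return a description of every file that fails.

    An empty list is the only result that means "the backup is usable".
    """
    manifest = json.loads((backup / MANIFEST_NAME).read_text())
    failures = []
    for rel, expected in manifest.items():
        src = backup / rel
        if not src.exists():
            failures.append(f"{rel}: missing from backup")
            continue
        dest = restore_to / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dest)
        if sha256_of(dest) != expected:
            failures.append(f"{rel}: checksum mismatch after restore")
    return failures


def demo() -> Tuple[List[str], List[str]]:
    """Run the test on constructed data: once clean, once after the backup is corrupted."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        source, backup = root / "source", root / "backup"
        (source / "finance").mkdir(parents=True)
        (source / "finance" / "ledger.csv").write_text("account,balance\n1001,250.00\n")
        (source / "notes.txt").write_text("constructed sample data\n")

        make_backup(source, backup)
        clean = restore_and_verify(backup, root / "restore1")

        # Simulate silent corruption of the backup copy (a bad block, a half-written file).
        # The backup job would still have reported "success"; only a restore test sees it.
        (backup / "finance" / "ledger.csv").write_text("account,balance\n1001,0.00\n")
        corrupted = restore_and_verify(backup, root / "restore2")
    return clean, corrupted


if __name__ == "__main__":
    clean, corrupted = demo()
    print("clean restore:", "OK" if not clean else clean)
    print("corrupted backup:", corrupted)
```

Scheduling this kind of restore into a scratch location, and recording how long it took, gives the leader both the assurance the post asks for and a realistic recovery-time figure for the continuity plan.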

YYYC can support your IT team in the defense against cyberattacks with YeoSecure.

Our comprehensive cybersecurity monitoring and compliance solution, YeoSecure, transforms the way companies detect, investigate, and respond to cyber threats. YeoSecure provides 24/7/365, enterprise-grade cybersecurity monitoring and support while cutting costs and keeping your IT team from scrambling to detect and troubleshoot cyberattacks.

Learn more about how YeoSecure can help your organization detect, respond, and comply.

Want To Learn More?

Connect with one of our professionals today.