We don’t need to dwell on the urgency of having a cyber-security plan for your company. It’s all over the news. Yet, many companies are ignoring the threat altogether. Cyber-security should be on the top of every IT manager’s and business owner’s mind. If you are connected, you are at risk.

QUESTIONS TO CONSIDER:

• What are your biggest security concerns and does the staff have the budget and expertise to address them?
• Have you recently done any type of security review on your people, processes, or technology?
• Have you adopted any cloud-based applications and if so, do you know what risks that has created?
• Does your organization limit information system access to authorized users, processes, or devices?
• Do you have a contingency plan in case of an emergency or disaster?
• Do you limit physical access to systems, equipment, and operating environments to only authorized individuals?

PROCESS:

• What process is in place for risk management?
• Have the costs for security breaches been calculated, including reputation cost?
• What steps are taken in the event of a security breach?
• What is the business continuity/disaster recovery plan?
• Are security assessments being conducted to identify potential problem areas?

PRODUCTS:

• Does the firewall include modern functions, such as application awareness and network intrusion detection?
• Is anti-virus installed on all endpoint devices?
• What cloud-based security options are available?
• What functions (e.g., remote wipe, data encryption, etc.,) should be enabled on mobile devices?
• How is data being managed, classied and tracked?
• What is in place to track any compliance requirements?