Take This Quiz To Find Out!
If your current IT company does not score a “Yes” on every point, they are NOT adequately protecting you. Don’t let them “convince” you otherwise and DO NOT give them a free pass on any one of these critical points.
- Have they met with you recently – in the last 3 months – to specifically review and discuss what they are doing NOW to protect you? Have they told you about new and inexpensive tools such as Dark Web monitoring for your firm’s credentials or advanced endpoint security to protect you from attacks that antivirus is unable to detect and prevent? If you are outsourcing your IT support, they should, at a MINIMUM, provide you with a quarterly review and report of what they’ve done – and are doing – to protect you AND to discuss new threats and areas you will need to address.
- Do they proactively monitor, patch and update your computer network’s critical security settings daily? Weekly? At all? Are they reviewing your firewall’s event logs for suspicious activity? How do you know for sure? Are they providing ANY kind of verification to you or your team?
- Have they EVER urged you to talk to your insurance company to make sure you have the right kind of insurance to protect against fraud? Cyber liability?
- Do THEY have adequate insurance to cover YOU if they make a mistake and your network is compromised? Do you have a copy of THEIR CURRENT policy? Does it specifically cover YOU for losses and damages?
- Have you been fully and frankly briefed on what to do IF you get compromised? Have they provided you with a response plan? If not, WHY?
- Have they told you if they are outsourcing your support to a 3rd-party organisation? DO YOU KNOW WHO HAS ACCESS TO YOUR PERSONAL COMPUTER AND NETWORK? If they are outsourcing, have they shown you what security controls they have in place to ensure a rogue technician, living in another country, would be prevented from using their free and full access to your network to do harm?
- Have they kept their technicians trained on new cyber security threats and technologies, rather than just winging it? Do they have at least ONE person on staff with CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) certification? Do they have anyone on staff experienced in conducting security risk assessments?
- Do they have a ransomware-proof backup system in place? One reason the WannaCry ransomware was so devastating was that it was designed to find, corrupt and lock BACKUP files as well. ASK THEM TO VERIFY THIS. You might *think* you have it because that’s what your IT vendor is telling you.
- Have they put in place a WRITTEN mobile and remote device security policy, and distributed it to you and your employees? Is the data encrypted on these devices? Do you have a remote “kill” switch that would wipe the data from a lost or stolen device, and is that data backed up so you CAN wipe the device and not lose files?
- Do they have controls in place to force your employees to use strong passwords? Do they require a monthly password update for all employees? If an employee is fired or quits, do they have a process in place to make sure ALL passwords are changed? Can you see it?
- Have they talked to you about replacing your old antivirus with advanced endpoint security? There has been considerable talk in the IT industry that antivirus is dead, unable to prevent the sophisticated attacks we’re seeing today.
- Have they discussed and/or implemented “multi-factor authentication” for access to highly sensitive data? Do you even know what that is? If not, you don’t have it.
- Have they recommended or conducted a comprehensive risk assessment every single year? Many insurance policies require it to cover you in the event of a breach. If you handle “sensitive data” such as medical records, credit card and financial information, tax file numbers, etc., you may be required by law to do this.
- Have they implemented web-filtering technology to prevent your employees from going to infected websites, or websites you DON’T want them accessing at work? Porn and adult content are still the #1 thing searched for online. This can expose you to sexual harassment and child pornography lawsuits, not to mention the distraction and time wasted on YOUR payroll, with YOUR firm-owned equipment.
- Have they given you and your employees ANY kind of cyber security awareness training? Have they offered to help you create an AUP (acceptable use policy)? Employees accidentally clicking on a phishing e-mail, downloading an infected file or malicious application is still the #1 way cybercriminals hack into systems. Training your employees FREQUENTLY is one of the most important protections you can put in place. Seriously.
- Have they properly configured your e-mail system to prevent the sending/receiving of confidential or protected data? Properly configured e-mail systems can automatically prevent e-mails containing specified data, such as tax file numbers, credit card numbers or bank account details, from being sent or received.
- Do they allow your employees to connect remotely using Remote Desktop, GoToMyPC or TeamViewer? This is a sure sign to be concerned! Remote access should strictly be via a secure VPN (Virtual Private Network) connected to a next-generation firewall device with multi-factor authentication.
- Do they offer, or have they at least talked to you about, Dark Web/Deep Web ID monitoring? There are new tools available that monitor cybercrime websites and data for YOUR specific credentials being sold or traded. Once a match is detected, the service notifies you immediately so you can change your password and be on high alert.
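The automatic e-mail content check described in the item above on preventing confidential data from being sent, as an added Python example that is not part of the original page: it flags Australian tax file numbers (validated with the ATO's published weighted checksum) and payment card numbers (validated with the Luhn check) in an outbound message body. The sample messages and the `should_block` policy function are constructed for illustration.

```python
import re
# Added example (not from the original page): an outbound e-mail content check of
# the kind the checklist describes, flagging Australian tax file numbers (TFNs)
# and payment card numbers. Checksums cut false positives on random digit runs.

TFN_WEIGHTS = (1, 4, 3, 7, 5, 8, 6, 9, 10)  # ATO weighting; valid if sum % 11 == 0

def is_valid_tfn(digits: str) -> bool:
    """True if a 9-digit string passes the TFN weighted checksum."""
    if len(digits) != 9 or not digits.isdigit():
        return False
    return sum(int(d) * w for d, w in zip(digits, TFN_WEIGHTS)) % 11 == 0

def luhn_ok(digits: str) -> bool:
    """Luhn (mod 10) check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:  # double every second digit from the right, fold > 9
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0

# Candidate patterns tolerate the spaces/hyphens people type between digit groups.
TFN_RE = re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{3}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def mask(digits: str) -> str:
    """Keep only the last four digits so the alert itself does not leak the value."""
    return "*" * (len(digits) - 4) + digits[-4:]

def scan_message(body: str) -> list:
    """Return (type, masked_value) for each checksum-valid identifier in the body."""
    findings = []
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("credit_card", mask(digits)))
    for m in TFN_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if is_valid_tfn(digits):
            findings.append(("tfn", mask(digits)))
    return findings

def should_block(body: str) -> bool:
    """Policy decision: refuse to send if any protected identifier is present."""
    return bool(scan_message(body))

# Constructed sample messages (not real data): first should be blocked, second not.
SAMPLE_BLOCK = "Hi, my TFN is 123 456 782 and card 4111 1111 1111 1111, please process."
SAMPLE_ALLOW = "Invoice ref 123456789, order 4111111111111112 shipped today."
```

A real gateway would also scan attachments and headers; this shows only the body check and why checksum validation matters for keeping false positives low.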
Did your IT company FAIL the quiz? Are you worried they might NOT be delivering the protection you need and want? Then allow us to perform a FREE Security Risk Assessment for your organisation.
Just like a cancer screening, a good assessment can catch problems while they’re small, which means they will be a LOT less expensive to fix, less disruptive to your organisation AND give you a better chance of surviving a cyber-attack. To secure yours, go to https://www.myinfotechpartner.com.au/ps-cyber-risk/