Determine your Cyber Risk!
In our previous blog we talked about why you should be concerned with your business’s cyber security risk. Today we are going to dive into how to determine the actual risk.
Secure IT starts with a Cybersecurity Risk Assessment
WARNING – NOT all Cybersecurity Risk Assessments are the same! Today it seems everyone is offering some sort of Cyber Risk Assessment. The question to ask is: what are they actually offering?
Cyber risk is complex and can't be determined comprehensively without a combination of tools and techniques. Running a single tool and making blanket statements is more about selling you a product or service than about actually determining your cyber risk.
What should be in a Comprehensive Cybersecurity Risk Assessment?
Comprehensive Network Assessment should determine:
- A complete inventory of devices connected to the network.
- Are they authorized?
- Are they updated?
- Are they patched?
- Warranty Status
- System Review
Security Assessment should determine:
- Internal Threats
- External Threats
- Review of Standard Best Practices Policies and Procedures
Data Risk Scan should determine:
- What is data?
- Where is the data?
- What data is at risk?
- Who has access to the data?
Dark Web Search should determine:
- What usernames and passwords are known to be compromised?
- What breach were they found in?
- When did the breach occur?
NOTE: Since this is a search of known information that is part of published databases, it reports only past events. Dark Web monitoring, by contrast, looks for updates as soon as they are found.
Simulated Phishing Campaign should:
- Test the employees' ability to recognize phishing emails.
- Provide immediate feedback
- Offer Security Awareness Training – if desired
Cyber Liability Insurance Review should:
- Review the Incident Response Checklist
- Verify that you know what is and what isn’t covered and the limits**
**Only a licensed Insurance Agent can legally review this information with you and discuss coverages.
You get what you pay for: Beware of FREE Cyber Risk Assessment offers. Cyber risk management takes skilled people, solid processes, and of course technology, and that isn't FREE. FREE offers typically lead straight to a SALES CALL (that is why they are offered for FREE): the provider hopes that whatever specific process they use will show you the need for their specific product or service.
Have a question? Reach out today! (256) 513-8206
PCS Provides Total Secure IT Services
When was the last time you considered exactly what is at risk within your business? Do you know what a cybercriminal "hacker" is after and why you might be their next target? What do you do if and when you are hacked? These questions and more will be answered in our upcoming blog.