Mid-sized Businesses’ 2016 Resolution: Improve Your Cybersecurity

January 08, 2016

Many mid-sized businesses do not spend time or money thinking about the security of their networks, especially if they have not been seriously compromised before or don’t have compliance mandates to meet (SEC, FINRA, HIPAA, PCI-DSS).

That needs to change in 2016.

Organizations without a cybersecurity plan have become the new attack vector for bad actors. Mid-sized businesses have valuable assets and a valuable customer base to infiltrate (example: Target’s hack via its HVAC vendor). The increase in cyber threats has resulted in organizations asking their supply chain partners to have a more advanced security profile.

Is your company prepared?

NetWatcher has created a scorecard to help you find out how well your business is prepared. It doesn’t replace a thorough audit, but it will help determine where your company stands and which areas need improvement.

| Question | YES | NO |
|---|---|---|
| BUSINESS | | |
| 1. Do you have “Cyber” Liability Insurance? | 15 | -15 |
| 2. Do you have cyber security related policies in your employee policy handbook? (what your employees are allowed to do on the corporate network…) | 5 | -5 |
| 3. Do you have corporate/agency wide cyber security related IT policies that cover items such as encryption, BYOD, logging, equipment disposal etc.? | 5 | -5 |
| 4. Is a business executive (versus IT executive) responsible for developing and maintaining a cross-functional approach to cyber security in your company/agency? | 10 | -10 |
| 5. Do you require your suppliers / contractors to have cyber liability insurance, documented corporate cyber security policies & infrastructure protection (more than a firewall/anti-virus) as part of their contracts? | 5 | -5 |
| 6. Do you have a cross-organization cyber security response plan that all employees train on yearly? | 5 | -5 |
| 7. Has the executive team determined (and documented) what are the most important assets to protect in the company/agency and taken action to ensure those assets are the focus of the company’s cyber security strategy? | 10 | -10 |
| 8. Do you train your entire company/agency on cyber security 101 (example: to ensure they know how to spot a phishing message)? | 10 | -10 |
| TECHNOLOGY | | |
| 1. Are you protecting your corporate/agency network & assets with more than a firewall and anti-virus? (intrusion detection, intrusion protection, security information & event management (SIEM) system, end-point protection, encryption, scheduled and tested backups etc.) | 15 | -15 |
| 2. Have you moved (or are you moving) your line of business systems to a secure cloud provider? | 5 | -5 |
| 3. Do you have a working process for keeping assets up to date with the latest software/firmware (including WIFI’s, routers, switches, laptops, servers etc.)? | 5 | -5 |
| 4. If you allow your employees to bring their own device to work (BYOD) do you have the infrastructure in place to ensure these devices will not bring malware into your environment? | 5 | -5 |
| 5. Do you require Secure Virtual Private Networks (VPN) for regional offices, remote/roaming users? | 5 | -5 |
| TOTAL | | |

Grading System:

  • >90 = A
  • 80-90 = B
  • 70-80 = C
  • 60-70 = D
  • <60 = F

How did you score?

How does your company score? Solutions like NetWatcher can help you enhance your cybersecurity posture through 24×7 monitoring and real-time threat alerts.

Let’s make a new year’s resolution to increase your company’s score. Your customers, partners, and investors will be glad you did.