Wed, November 3, 2021

Are you putting cybersecurity first?

Here are Seven questions you should be asking –

The theme for Cybersecurity Month this year was ‘Cybersecurity First.’ The point was to underscore the importance of building security into products, processes, workflows, standards, communications, and anything else that touches the internet or some other network.

One of the most significant challenges in cybersecurity is knowing your vulnerabilities. Without enough controls in place, your network could fall victim to vulnerabilities in web applications, shadow IT, or through multiple other email threats. Some people resist basic security procedures because they are inconvenient, with some failing to consider the hidden dangers around IoT (Internet of Things). An example of how extreme this had gotten one company was hacked through the IoT sensors in a fish tank. The attackers connected through these sensors and moved laterally throughout the unsegmented business network to further their attack.

While this example is one of many that shows the fundamental cybersecurity awareness problem with IoT, it’s easy to assume that a fish tank cannot be hacked.  But it’s just as easy to believe that a connected device can be hacked. People tend to think about the fish tanks, not the network-connected sensors.

Here are seven Key Cybersecurity Questions you need to consider –

The Cybersecurity First theme reminds you to ask some basic questions to protect your company. 

1. How are we training employees to protect their credentials and recognize security threats?

2. Can this remote-controlled thermostat/coffee pot / fish tank be secured from intrusion and bot activity?  

3. Is this application being developed with security in mind?

4. Are we using the principle of least privilege to protect data and assets?

5. Is the business network properly planned and segmented?

6. Are there any mobile devices that could introduce a threat to the company network?

7. How are we preventing data loss through accidental disclosures or malicious activity?

Every company must answer these questions and many others like them, depending on their environment. It can get much more complicated when companies take on large IT projects or move to new facilities with greater automation built into operations. To learn how we can help you better protect your business and keep your company safe, contact us at 502.262.2552.

Call Now Button