5 Questions to Assess Your IT Security
February 15 2018
Would you like an indication of how secure your business is without engaging in an audit? A decent component of IT security doesn't involve looking inward at your IT infrastructure but outwards at the procedures and processes you have within your organisation.
The 5 questions below are used by our consultants when carrying out an IT Security Audit and can give you a good idea of where your organisation might stand. To make these questions clear and simple, we'll be comparing a cyber attack to an office fire.
1. Do we demonstrate due diligence, ownership, and effective management of cyber risk?
Has your organisation looked at individual responsibility for a fire? Have you run fire drills for staff and made certain that as many areas of safety as possible have been considered? Who has the responsibility of using certain equipment or ensuring all staff are out safely?
Preparing for a malware attack is similar: do your staff know what to do if they receive a suspicious email? Do they know how to raise the alarm about a potential attack? Has someone been given the responsibility of assessing suspicious emails and content?
2. What have we done to protect the organization against third-party cyber risks?
How have you prepared for a possible fire? Do you have fire alarms throughout the building, fire extinguishers in the halls and a direct alarm to the fire brigade to alert them? If you have none of this infrastructure, then a fire will most definitely cause far more damage and put you out of business for much longer.
The same goes for IT Security: what kinds of infrastructure do you have installed to protect the organisation? Which of the 7 layers of IT Security have you installed?
Just like a fire, the more you invest in defensive infrastructure, the less destructive a malware attack will be and the sooner you'll be back in business.
3. Can we rapidly contain damages and mobilize response resources when a cyber incident occurs?
If a fire occurred in your office how quickly could it be contained? When was the last time a fire safety expert reviewed your defensive infrastructure?
The same thinking goes for a malware attack. Has your organisation's cybersecurity been assessed? Do you know how your system would cope with an attack?
4. How have we prepared for the Notifiable Data Breaches amendment to the Privacy Act 1988 (Cth)?
If the government fined organisations $1.8 million and individuals $360,000 for failing to report fire incidents, most organisations would ensure that they had proper fire safety installed.
Within a few weeks, when the new federal legislation becomes law (read up here), the government will have the ability to fine organisations $1.8 million and individuals $360,000 if they fail to report data breaches that have the potential to cause harm.
The reason the government is preparing to hand out fines is that many businesses hide data breaches (after the fact) to avoid the negative repercussions (loss of faith from clients, customers and the public, a drop in share price, etc.).
Most organisations are preparing for the new legislation by ensuring their cyber-security is capable of fending off any attacks.
5. What would the cost be, both financial and intangible (reputation, brand)?
What would be the expense for your organisation after a fire rips through it? If your building was partially destroyed, your equipment unusable and your business data and records gone, how long would you be out of business and what would this cost you financially?
The same goes for a data breach. If malware infected your organisation, locked your staff out of their PCs, held your data hostage or deleted it, what would be the financial damage? How long would you be out of business, and would it be possible to recover? An additional consideration is the cost to your reputation. Many organisations that suffer a data breach lose face with clients, prospects and the general public.
Just like a fire burning down your office, a malware attack can mean the end for businesses.
If your organisation still has any questions around IT security, please feel free to reach out for a discussion or consultation on 1300 133 966 or email us at firstname.lastname@example.org