- Is your board of directors fully engaged in cyber-security?
According to a recent whitepaper by AT&T, 75% of corporate boards are not involved in active oversight of cyber-security despite the threat it poses to brand equity, employees, and customers.
- When did you and your board review your last risk assessment?
Your IT department should be consistently and regularly performing risk assessments with recommendations for upper management. These risk assessments should not be taken lightly and should include oversight from the biggest decision makers in the company.
- What makes you a target for attacks?
One of the biggest errors companies make is thinking they will be passed over for a “more lucrative” fish. Cyber attacks come big and small, and for a variety of reasons. Do you have access to personal financial information? Medical records? Is your industry controversial in any way, making you a target for “hacktivists”? It’s best to assess what value attacking your company has and protect that information specifically.
- What data is leaving your company and is it secure?
The economics of corporate cyber espionage are clear. It’s much easier to steal proprietary information than it is to do research and development on one’s own. Foreign nations themselves have been known to fund the hacking of corporations in order to give industry in their countries a leg up. Who has access to your proprietary information and how are they handling that information?
- How have I provided my security organization with all the tools and resources they need to help prevent a security breach?
This is an industry that changes almost overnight. Last year’s technology is not likely to help you – and your risk assessment team should also be regularly reviewing the latest protective measures available. The longer a security method is used, the more time the hackers have to compromise its integrity. Are you sure that you’ve given your IT department the tools to keep one step ahead?