Not a very interesting subject. Not necessarily the stuff you want to talk about with friends or at a party. Probably not too fun to talk about it even when you need to. But it has to be done. In fact, lets look at why it needs to be done but going through a series of questions and discover the importance of good cybersecurity policies and procedures.
- When was the latest cybersecurity audit done at your company?
If the answer was more than six months ago, you should have a policy to correct this or risk a major cybersecurity event.
- How complete are your cybersecurity policies do they cover more than just IT functions?
The answer to this one should be that they are very extensive and cover all parts of my business and all parts of my supply chain.
- Who in your organization sees and approves your cybersecurity policies and procedures?
If you say the CIO, then you are not getting it into the right hands. The CEO and board should be involved.
- Do you have a skilled and well connected CISO?
If you say no to this. You are exposed and need to start looking. Good CISO’s are hard to find.
- When was the last time you had a cybersecurity breach?
If you say never, then you are not looking hard enough. There is a very good chance you have been breached and you just don’t know it yet. Keep looking and never stop. Discover the breaches before they happen. That’s what the successful companies do.
As you can see it is pretty easy to fail a simple test like this and realize you are exposed. However, you certainly want to fail this test here and not the real test of your active production network. Start filling these gaps today. And if you don’t know how then get help.