Six questions every business needs to consider to measure their cyber security

22 Jan 2018

Achieving reliable cyber security takes a lot of work. It’s a bit of a moving target, and it can be hard to tell if you’ve accomplished what you set out to do. That’s why evaluating the strength of your system’s security is so crucial—you need to know if you have vulnerabilities before a breach attempt; otherwise, you have no way of preventing the inevitable.

To that end, here’s a list of questions you need to be asking about your cyber security to determine its health and strength. Whether you’re an IT professional trying to keep things running, or an administrator trying to peer into the tech world for a little perspective, these questions should help you move closer to your goal of cyber security.

Who owns your PKI?

For those of you reading this who don’t know your binary from a recursive hole in the ground, it’s important to have a little foundational knowledge to work with. In that spirit, PKI stands for Public Key Infrastructure, and it’s how the HTTPS pages of your website are encrypted. Sparing you a more technical definition, it’s a system of encryption that ensures that third parties aren’t listening in when someone visits your site.

Your encryption is only as good as the cryptographers who are putting it together, so knowing who is running your PKI is important. Are you running it in-house? And if so, do you have security professionals doing it? If it’s outsourced, is it a reputable company with adequate expertise? Just as you wouldn’t want an amateur keying the locks in your building, you want a pro locking up your website. Know who is managing your PKI, and then ensure they’re doing their job right.

Who do you share your data with?

Along similar lines, you need to be careful who you share sensitive data with. External companies may not always be mindful of your cyber security; they may be “leaving the door unlocked,” metaphorically speaking. If they’re in possession of some of your private information, it may be stolen from under their unwatchful eye.

Do you have external defenses in place?

Like a moat around a keep, you need barriers to access that prevent or at least slow intrusion attempts. Firewalls, permission walls, risk assessment tools, and other defensive systems are critical to keeping out unwanted visitors, and intrusion detection is pivotal if you intend to react quickly to data breaches. Once you have defenses in place, though, you’re not done.

Do you conduct regular penetration tests?

“Pen Testing” is when a security professional attempts to gain unauthorised access to a system as a way to discover the flaws in security and remove them. Like a fire drill, it simulates a potentially catastrophic event in a safe manner, to see how well prepared you are for it. If the tester gains access, the vulnerability is identified and addressed, bolstering the system’s strength.  

How well encrypted is your sensitive data?

You can’t prevent every breach, but you can render your data useless to thieves by encrypting or hashing it. A solid cryptogram will take decades for a hacker to decrypt, and proper hashing makes data like passwords unintelligible. It may seem like a lot of work, but you will be glad you did it in the end.

How well prepared are your employees?

Among the biggest threats to your company are the staff you already have. Even aside from any malicious activity, simple mistakes like misaddressed emails or clicking on a phishing link can leave your data vulnerable. So be sure your employees are well trained on company security policies, and what to do if they make a mistake or see something suspicious. It will go a long way to making your company secure.

Article by Danielle Adams, Venafi.
