9 Questions Every Organization Today Needs To Answer

You should never abdicate the critical pieces of your business. That includes information technology. While your internal IT team or third-party IT provider should handle your cybersecurity technical environment, you should also have a clear picture of your cybersecurity policies and procedures. After all, a cyberattack will negatively affect your business, your finances and your productivity. At the very least, you should know the answers to these nine crucial questions:
1. What do we want to protect?
2. What are we required to protect? Mike Moran says, “Your state, your industry, and the type of data you collect determine if you must protect that data or risk fines and lawsuits.”
3. How are our applications prioritized, and which of them are most important?
4. What are the relevant threats to our organization? “While everyone thinks of external threats like ransomware and viruses, you must also consider internal threats. As an example, your customer list is an attractive asset to employees who are considering leaving the organization,” Mike says.
5. How comfortable are we as an organization with our ability to actively respond?
6. Who is responsible for our programs? Mike says, “Simply saying, ‘My internal IT team or our third-party IT provider is responsible,’ is the wrong answer. Everybody in your organization, especially the leadership, is responsible.”
7. Do we have a response plan in place in case we get hit?
8. When was the last time we reviewed and updated our systems or had a risk assessment?
9. Can we do this ourselves?

Simply sending out a phishing email test once a quarter is not sufficient. You should implement an ongoing awareness program that trains every team member.

Step 3: DETECT
People often assume burglar alarms prevent robberies. However, it’s more of a detection tool because an alarm sounds and people are notified of a potential incident. In cybersecurity, the proactive stage of detection is crucial to significantly reducing exposure and preventing data theft.
✓ Can you detect when your network is potentially compromised?
✓ How soon after this compromise do you get an alert?
“Many ransomware attacks start with the hacker breaking into the system months before they lock your data and request a large payment,” Mike says.

Step 4: RESPOND
You come into the office, find your system is down, and can’t access any files. Fear consumes you as you stare at a daunting message saying you won’t get your customer records until you pay $25,000 — or more. What do you do? Mike says, “The steps you take next could very well determine if you get your data back, how much you pay (if anything), and just how long your employees are sitting idle and unproductive.”
✓ How do you mitigate the threat and isolate it to a single computer? “Most people simply turn off the compromised computer,” Mike says. “That’s not necessarily what you do. Rather, you keep it on and disconnect it from the network. Also, instead of scrubbing the machine, it’s important to do forensics on it to prevent further damage.”
✓ Have you documented your response plan?
✓ Whom do you need to call — your cyber liability insurance or the authorities?
✓ What is the message you want your staff to convey to customers, clients, vendors, etc.?

Step 5: RECOVER
“This is why I love my job and our team,” says Mike. “In the rare case where a client endures a cyberattack, I get to call and tell them that our managed backup-solution process worked — we successfully remediated the exposure and recovered all their files. At that moment, I can feel all their worries melt away.” But if you want a happy ending to your own story, it’s crucial that you have a plan in place to successfully restore and return your affected systems and devices back to normal. Questions to consider during the recovery step:
✓ Can the system be restored from a trusted backup?
✓ How soon can systems be returned to production?
✓ How do you ensure similar attacks will not reoccur?

For over 27 years, Mike Moran and his team have been affiliated with their clients to help them accomplish their goals. He says, “We have customers who have counted on us for 12, 15, and even 18 years. We do everything we can to improve their protection and improve their efficiency. We are affiliated with them, and they are affiliated with us. Hence, our name, Affiliated Resource Group.” For more information on Affiliated Resource Group, visit AResGrp.com.
MSPSuccessMagazine.com/cyber2022