sb-eu logo
Story image

Six questions every business needs to consider to measure their cyber security

22 Jan 2018

Achieving reliable cyber security takes a lot of work. It’s a bit of a moving target, and it can be hard to tell if you’ve accomplished what you set out to do. That’s why evaluating the strength of your system’s security is so crucial—you need to know if you have vulnerabilities before a breach attempt; otherwise, you have no way of preventing the inevitable.

To that end, here’s a list of questions you need to be asking about your cyber security to determine its health and strength. Whether you’re an IT professional trying to keep things running, or an administrator trying to peer into the tech world for a little perspective, these questions should help you move closer to your goal of cyber security.

Who owns your PKI?

For those of you reading this that don’t know your binary from a recursive hole in the ground, it’s important to have a little foundational knowledge to work with. In that spirit, PKI stands for Public Key Infrastructure, and it’s how your HTTPS pages of your website are encrypted. Sparing you a more technical definition, it’s a system of encryption that ensures that third parties aren’t listening in when someone visits your site.

Your encryption is only as good as the cryptographers who are putting it together, so knowing who is running your PKI is important. Are you running it in-house? And if so, do you have security professionals doing it? If it’s outsourced, is it a reputable company with adequate expertise? Just as you wouldn’t want an amateur keying the locks in your building, you want a pro locking up your website. Know who is managing your PKI, and then ensure they’re doing their job right.

Who do you share your data with?

Along similar lines, you need to be careful who you share sensitive data with. External companies may not always be mindful of your cyber security; they may be “leaving the door unlocked,” metaphorically speaking. If they’re in possession of some of your private information, it may be stolen from under their unwatchful eye.

Do you have external defenses in place?

Like a moat around a keep, you need barriers to access that prevent or at least slow intrusion attempts. Firewalls, permission walls, risk assessment tools, and other defensive systems are critical to keeping out unwanted visitors, and intrusion detection is pivotal if you intend to react quickly to data breaches. Once you have defenses in place, though, you’re not done.

Do you conduct regular penetration tests?

“Pen Testing” is when a security professional attempts to gain unauthorised access to a system as a way to discover the flaws in security and remove them. Like a fire drill, it simulates a potentially catastrophic event in a safe manner, to see how well prepared you are for it. If the tester gains access, the vulnerability is identified and addressed, bolstering the system’s strength.  

How well encrypted is your sensitive data?

You can’t prevent every breach, but you can render your data useless to thieves by encryption or hashing the data. A solid cryptogram will take decades for a hacker to decrypt, and proper hashing makes data like passwords unintelligible. It may seem like a lot of work, but you will be glad you did it in the end.

How well prepared are your employees?

Among the biggest threats to your company are the staff you already have. Even aside from any malicious activity, simple mistakes like misaddressed emails or clicking on a phishing link can leave your data vulnerable. So be sure your employees are well trained on company security policies, and what to do if they make a mistake or see something suspicious. It will go a long way to making your company secure.

Article by Danielle Adams, Venafi.

Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More
Story image
Zero trust is the way to secure the distributed workforce - Empired
Existing security solutions need to evolve to accommodate the new remote workforce.More
Story image
Is cyber deception the latest SOC 'game changer'?
Cyber deception reduces data breach costs by more than 51% and Security Operations Centre (SOC) inefficiencies by 32%, according to a new research report by Attivo Networks and Kevin Fiscus of Deceptive Defense.More
Story image
COVID-19 related email threats pose huge risk in 2020
According to the company’s annual mid-year roundup report, Trend Micro blocked 8.8 million COVID-19 related threats, nearly 92% of which were email-based.More
Story image
Exabeam and Code42 partner up to launch insider threat solution
The solution will give customers a fuller picture of their environment, and will leverage automated incident response to obstruct insider threat before data loss occurs.More
Story image
Gartner predicts 75% of CEOs to be liable for cyber-physical security incidents by 2024
The nature of CPSs means incidents can quickly lead to physical harm to people, destruction of property or environmental disasters – and Gartner’s new research indicates that these incidents will increase drastically in the next few years if the lack of spending on these assets continues.More