Business + IT Insights

Own Your IT Security by Assessing Your Risk

Posted by Dave Lazor on Wed, Apr 12, 2017


ransomware image.png

A recent study reported that the average company had four ransomware attacks last year. These attacks had costly consequences, including investing in new technologies (33 percent), losing customers (32 percent) and missing revenue due to downtime (32 percent).

Prevention is Vital

Most business owners understand the importance of good security practices, but their IT departments struggle to implement a comprehensive plan to improve security.

Smaller IT teams often only have the resources to react to viruses and scams instead of preventing them. Prevention starts with assessing risk, deploying the right technology to overcome vulnerabilities in your systems and educating your employees.

Ensuring that all employees have good online habits is the final line of defense against ransomware, phishing attacks and other scams that could devastate your business.

Over the next several weeks we’ll share posts that explain risk assessment, how to deploy the right preventative technology and most importantly, educating employees on best practices.

Get Prepared

Most business owners don’t know how their company will respond to an attack until it’s too late. If you don’t understand your company’s vulnerable points, how can you devise a strategy to protect it?

Security readiness starts with assessing risk. A rigorous analysis of your security practices from a people, process, and technology standpoint will identify weaknesses and provide opportunities to address them before a criminal does.

It can be daunting, but asking the following questions about your people, processes, and technology will provide idea of where your company’s security readiness stands:

People

  • Is my team aware of the threats and consequences of ransomware and phishing scams?
  • Can my team recognize fraudulent email messages, websites or even phone calls?
  • Does my team know the right way to report suspicious emails or experiences?
  • Has my team been tested on their level of skill and awareness when it comes to ransomware, phishing or other threats?

Process

  • Has a formal, ongoing security training program been implemented and measured for effectiveness?
  • Are employees regularly alerted on new threats and best practices as they become known?
  • Am I getting a monthly (or more frequent) IT health check?
  • Is my IT team actively seeking vulnerabilities and ways to improve security?
  • How often is my IT team updating the software/antivirus and patching systems and applications to protect against exploited security flaws?
  • Are access controls in place so that employees don’t download something that they’re not supposed to?

Technology:

  • What technology is in place to catch threats before they get to employees?
    • Antivirus
    • Firewall
    • Spam filter
  • Are the technologies we have in place up to date?
  • How regularly are my company’s data and applications backed up?
  • Do we regularly test the validity of our backups to make sure they are usable in times of need?

Take Control

It’s time for business leaders to lead the charge against ransomware and cyber fraud. After asking these questions work with your IT team to determine the probability of each risk, estimating the potential impact and determining mitigation strategies.

Stay Up-to-Date

We have a lot more to share about security readiness. Subscribe to this blog at the top of this post to keep up with this vital topic.

To learn more about ransomware, read our eBook, which explains ransomware, how to overcome an attack and how to avoid a data hostage situation altogether.

Avoiding Ransomware: a new eBook on how to recognize, prevent, and overcome a data hostage situation

Tags: IT Security, ransomware

Subscribe by Email

What percentage of your employees are prone to phishing attacks? It might be higher than you think. Find out today.
New Call-to-action
You deserve more. One meeting with Lazorpoint and you'll understand how we turn your standard IT into a business advancement engine.