
Cybersecurity Readiness

January 10, 2022

By: Norman Comstock, Managing Director, at UHY Consulting

As the leader of your staffing organization, the future wellbeing of the company rests on your shoulders, which includes the security of your network, data, and proprietary customer information. Every week in the news, there are reports of companies that have experienced cyber-attacks. While you think it will never happen to you, there is a good chance it could.

Since most likely you are not an Information Technology (IT) expert, here are six key questions you can use to have a discussion with your IT team about your current cybersecurity readiness.

1. Do we have a robust incident response capability in place?

What you want to hear
Yes, we have software that provides alerts, and possibly a third-party provider that helps monitor our systems around the clock and responds through quarantine or other isolation capabilities.

Warning sign
No, we do NOT have anything in place to monitor anomalous or known bad activity on servers, workstations, and laptops at all hours.

What can be done immediately

At a minimum, IT should consider deploying next-generation endpoint detection and response (EDR) security tools. This type of software is quick to deploy and provides visibility and alerts that help quarantine the infected machine(s) and minimize the extent of the disruption. Better options include active response on your behalf by trusted monitoring companies.

2. Do we have a program to scan our network and applications for vulnerabilities?

What you want to hear
Yes, our company has a regular program in place to scan our network, applications, web services, and networked devices, both from inside the network and from the internet.

Warning sign
No, we do NOT regularly scan our network, software applications, and device configurations.

What can be done immediately
Cunning cyber attackers are ready to take advantage of vulnerabilities. Ask IT to conduct a vulnerability scan as soon as they can to begin identifying and patching or remediating any high-risk and critical vulnerabilities. At a minimum, this should be done quarterly on internal assets and from an internet perspective. For the first few months, request the results of the scan.

3. Do we have good backups of critical systems, data, and configurations?

What you want to hear
Yes, in case of a cyber event, our company has good backups of critical systems, data, and configurations, and we have tested them. The backups are stored offsite or in the cloud so they won’t get damaged or deleted.

Warning sign
No, we do NOT have the ability to successfully restore operations from a backup and/or backup files are onsite.

What can be done immediately
Work to minimize business continuity risk for your important systems. Confirm that all IT systems are included in the backup solution and ensure that the backups are tested periodically so they work when needed. Treat backup files as critical data and ensure the backups are segmented and isolated from the rest of the network. Also, ensure a full copy of the backups is stored offsite and is inaccessible to any ransomware or malware that might break loose in your environment.

4. Do we have an incident response plan for a cyber-attack?

What you want to hear
Yes, our company has a solid plan in place that has been regularly tested and our employees understand their roles and actions depending on the situation.

Warning sign
No, there is NO cyber-attack or overall incident response plan.

What can be done immediately
You can’t wait for a cyber-attack to occur to build an incident response plan. At a minimum, identify who your employees need to contact if a cyber incident is happening. Document the expected actions to be performed in the event of an incident and perform some tabletop tests of the plan before a real event occurs. You may want to consider a cyber 911 call service that will quickly focus the incident response activities to stabilize the environment and begin the recovery process.

5. Do we have an employee security awareness program?

What you want to hear
Yes, our employees are our best line of defense, and we have a continuous testing program in place so our staff stays alert and vigilant.

Warning sign
No, our employees do NOT understand the extreme threat that phishing emails can pose to our company.

What can be done immediately
Phishing emails remain the easiest and most likely way for an attacker to get into your business to steal data, access your internal network, or begin staging malicious software. IT or an outside vendor can build an internal program to train and educate employees about suspicious emails in their inboxes, instant messages, texts, and calls.

6. Do we have cyber insurance?

What you want to hear
Yes, we have a cyber insurance policy that clearly outlines what the policy does and does not cover, and we understand the carrier’s role versus our role. For operational risks not covered by insurance, our company has taken the proper steps.

Warning sign
No, we do NOT have a cyber insurance policy.

What can be done immediately
Don’t put your company’s brand, your clients’ trust, and your future at risk. An insurance broker can provide guidance on a policy and help you manage your risk appetite for cyber loss. Ask specific questions about which losses are covered, including such things as public relations, ransomware payments, incident responders, and digital forensics.

UHY LLP Certified Accountants