Story image

Six questions every business needs to consider to measure their cyber security

22 Jan 2018

Achieving reliable cyber security takes a lot of work. It’s a bit of a moving target, and it can be hard to tell if you’ve accomplished what you set out to do. That’s why evaluating the strength of your system’s security is so crucial—you need to know if you have vulnerabilities before a breach attempt; otherwise, you have no way of preventing the inevitable.

To that end, here’s a list of questions you need to be asking about your cyber security to determine its health and strength. Whether you’re an IT professional trying to keep things running, or an administrator trying to peer into the tech world for a little perspective, these questions should help you move closer to your goal of cyber security.

Who owns your PKI?

For those of you reading this that don’t know your binary from a recursive hole in the ground, it’s important to have a little foundational knowledge to work with. In that spirit, PKI stands for Public Key Infrastructure, and it’s how your HTTPS pages of your website are encrypted. Sparing you a more technical definition, it’s a system of encryption that ensures that third parties aren’t listening in when someone visits your site.

Your encryption is only as good as the cryptographers who are putting it together, so knowing who is running your PKI is important. Are you running it in-house? And if so, do you have security professionals doing it? If it’s outsourced, is it a reputable company with adequate expertise? Just as you wouldn’t want an amateur keying the locks in your building, you want a pro locking up your website. Know who is managing your PKI, and then ensure they’re doing their job right.

Who do you share your data with?

Along similar lines, you need to be careful who you share sensitive data with. External companies may not always be mindful of your cyber security; they may be “leaving the door unlocked,” metaphorically speaking. If they’re in possession of some of your private information, it may be stolen from under their unwatchful eye.

Do you have external defenses in place?

Like a moat around a keep, you need barriers to access that prevent or at least slow intrusion attempts. Firewalls, permission walls, risk assessment tools, and other defensive systems are critical to keeping out unwanted visitors, and intrusion detection is pivotal if you intend to react quickly to data breaches. Once you have defenses in place, though, you’re not done.

Do you conduct regular penetration tests?

“Pen Testing” is when a security professional attempts to gain unauthorised access to a system as a way to discover the flaws in security and remove them. Like a fire drill, it simulates a potentially catastrophic event in a safe manner, to see how well prepared you are for it. If the tester gains access, the vulnerability is identified and addressed, bolstering the system’s strength.  

How well encrypted is your sensitive data?

You can’t prevent every breach, but you can render your data useless to thieves by encryption or hashing the data. A solid cryptogram will take decades for a hacker to decrypt, and proper hashing makes data like passwords unintelligible. It may seem like a lot of work, but you will be glad you did it in the end.

How well prepared are your employees?

Among the biggest threats to your company are the staff you already have. Even aside from any malicious activity, simple mistakes like misaddressed emails or clicking on a phishing link can leave your data vulnerable. So be sure your employees are well trained on company security policies, and what to do if they make a mistake or see something suspicious. It will go a long way to making your company secure.

Article by Danielle Adams, Venafi.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.