10 Cyber Security Questions That Will Define Your Business' Need

What Risks Are You Unaware of?

One of the biggest challenges for small business managers is that they don't always realize their risks or their need for specific IT services. IT is not their business, so why should they be concerned? Your business may be operating under the mindset of, "We've come this far without help, why should we pay for it now?" The tough part is getting your business managers to answer that question for themselves.

So, how do you go about getting your business managers to that "aha!" moment? You need them to truly understand all the risks that are facing them, and all of their resources. Once they do, they will understand what their risk of data loss or data breach, or their possibility of downtime, is. Next is to understand what resources are currently available and how capable, or not, they are. Then you are ready for the big question: How do I monetize each of these issues, our resources, and our potential losses? The rest of it is arithmetic.

SPOILER ALERT: You're likely to either not know or not like the answer to a lot of the questions that you're asking. If questions remain, you should ask your favorite managed security services provider (MSSP) for help on the answers.

Top 10 Cyber Security Questions

  1. What type of data are you using and creating on a daily basis? - The type of data is important because it can affect the cost significantly.
  2. Where is your data being saved and stored (cloud solutions or hosted locally)? - Data storage has never been cheaper, so you should take advantage of both storage techniques.
  3. Do you see any compliance impacts with your data (HIPAA, Mass Data Privacy, etc.)? - Compliance is getting much more difficult and possibly expensive. If you are in a compliance-heavy industry, it borders on madness not to have your risk assessment up to date.
  4. Have you implemented any security processes to integrate with current business processes? - Depending on the answers above, integration of cyber security with business processes is a must. Ask your competitors whether they have started integration. You may find yourself behind.
  5. What are the major security risks that you have identified in your areas? - The definition of major cyber security risk is any loss of data, or loss of access to the data as you wait for your backup to come online, that can negatively affect your very business continuity.
  6. Have you identified how an unauthorized disclosure of data may occur? - Ask yourself what your customers would do if you had to tell them that you were responsible for a breach of their data. And many industries require that sort of transparency; HIPAA, SOX, FTC, and consumer agencies all require it.
  7. Have you implemented a control to mitigate that risk? - Define all of the controls, tools, and procedures that you currently have in your business continuity plan. And then, define all risks and match them up with the resources.
  8. Do you store and work with customer PII (Private Identifiable Information) or PCI DSS (Payment Card Industry Data Security Standard)? - If you are in retail, hospitality, ecommerce, healthcare, insurance, wealth management, and many others, you have PII and need to have a plan that meets industry regulations. Others to think about are the kinds of information that your customers don't want bandied about, like business plans, business financials, merger plans, and on, and on.
  9. Have you identified who might be interested in your data? - This is an interesting question. If someone was going through your trash (paper or digital), who would it be? And what could they find? It might be more than you think. Nigerian hackers find real value in company intellectual or financial property that they can steal and sell back.
  10. Are you equipped to handle all of these potential issues and risks on your own? - Who is responsible? Who gets the calls? How do they answer them? What do they have to say, what should they not say?
  11. This is a freebie: What if your business had to suffer through a Harvey-like storm, or an earthquake, or a brush fire, or a theft? How exactly are your plans ready?

This last question is the one that will be the toughest. If you are without an MSSP, or are using an insufficient one, it is likely that the need for a good one will only grow stronger with each question.

A good tool to use is a downtime calculator. More often than not, you'll be showing your business managers a number that would force them to close your doors for good.



Denis S Wilson

I am President and Principal Consultant for DWP Information Architects, specializing in IT services and support for successful, fast-growth companies in Los Angeles. I have created cost-effective information technology solutions for small business for over 20 years, specializing in cybersecurity. I am also a published author and speaker, working extensively with the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA) and its partners, and business and professional associations, providing business technology education programs.
