Data breaches have become far too common. Even the biggest corporations fall victim to cyber attacks; LinkedIn and Facebook were not exempt.

With that, the question is no longer “Is my business going to become a victim of a cyber attack?” It’s “Do we have the proper cyber security measures in place in the event of a data breach?”

In a recent survey, 31% of executives said their main cyber security challenge was improper identification of key risks. Now let’s find out what yours is. The following eight questions will help you assess your cyber security posture and identify potential weak points.

1. Do Your Employees Use Proper Password Hygiene?

By now, most organizations worldwide have put in place basic password protections, such as requiring users to update their passwords every few months. But is that really enough if users aren’t setting proper passwords in the first place?

One of the most impactful cyber security awareness measures any IT department can run is safe password training. This can cover anything from password best practices to techniques for remembering passwords that don’t involve writing them down.

Another good measure is to mandate the use of a password manager company-wide. Not only does this leave users with only one password to remember, it also keeps them safe across the many apps they use for work. It is also very helpful during employee offboarding, since it lets you track who has access to what.

Related reading: How to Create a Strong Password in 7 Easy Steps

2. Is Multi-Factor Authentication Enabled Across Your Organization?

Phishing is one of the most common cyber attacks, and multi-factor authentication is one of the most effective answers to it. This measure also adds an extra layer of protection to your data in the event of a data breach, since a stolen password alone is no longer enough to log in.

While text-message two-factor authentication is better than nothing, hackers and scammers have repeatedly worked around it through social engineering or SIM swapping (taking over the victim’s phone number). It’s best to opt for a solution based on a one-time code from an authenticator app on the user’s phone.

These apps are lightweight and don’t take up much room on a user’s phone. They’re also not reliant on a user having cell phone service and are quicker to operate than their text message counterparts.

3. How Often Do You Back Up Your Files?

Ransomware attacks happen many times a day all over the world, and their success rests in large part on companies having failed to back up their files properly.

If users can be given access to a backup in the event of a breach, IT departments can focus on restoring data instead of paying the ransom the attackers demand. All company data should be backed up on a regular basis, both to the cloud and to a physical server. A backup the attacker can also reach and encrypt is no backup at all, so at least one copy should be kept isolated from the production network.

What “on a regular basis” means depends largely on the size of the company and the importance of the data it processes. Backups also help investigators understand how an attacker got in, because they preserve a snapshot of the system from the time it was compromised.

4. Is Your Crucial Data Encrypted?

The most valuable thing hackers can gain from a breach is data. Information like passwords is then sold in batches on the dark web, and social security numbers are used for identity theft to open fraudulent credit cards.

Data encryption makes stolen data useless to an attacker who does not also have the key, since breaking modern encryption without it takes far longer than any payoff could justify. This measure also protects your users, since their information is far more likely to stay confidential even if it is stolen.

5. Do Your Employees Use Personal Devices for Work?

An increasingly common trend is allowing users to bring their own devices to work. Whether as a cost-cutting measure or for convenience, this type of policy is only bound to become more common with the advent of hybrid workplaces.

The simple answer is that this practice always increases malware and data breach risks. It’s best for IT departments to require that employees work from company-managed devices only and to block personal devices from connecting to the company’s internal network.

6. Do You Have a Third-Party Risk Management Strategy?

When you outsource some of your business operations to third parties, you grant them a level of access to your data, which makes it more vulnerable to breaches should an operational or security issue occur on their end.

From financial to strategic risks, you need to make sure that you have a third-party risk management strategy in place to minimize the impact on your organization in case something goes awry with your third-party providers.

7. How Often Do You Refresh Your Cyber Security Awareness Content?

Your users must be trained on a variety of hacks and scams, because even with the safest networks, humans still make mistakes once in a while. Phishing, malware, and ransomware have all evolved considerably in the last few years.

That’s why it’s important to refresh your cyber security awareness content regularly, and to use varied media so that users engage with it more. Some of these attacks are also much easier to understand when shown in a video or images.

8. Have You Built a Cyber Security Aware Culture?

Regular cyber security awareness training is one thing, but on its own it can’t cover every aspect. Cyber security must be part of every process within a company if it has any aspiration to keep its data and users safe.

Creating a cyber security-aware culture doesn’t happen overnight. It is a transition in practices as well as in mindset. Getting executive support, publishing clear guidelines, setting a regular training calendar, and identifying internal cyber security heroes are all great first steps in that direction.

Related reading: How to Transition from Data Protection to Cyber Culture

Cyber Security is Stronger When Questioned

The first step to assessing the strength and resilience of your cyber security measures is to ask questions. Ask the important questions, find the gaps in your current measures, and build strategies to close them and stand up a strong defense against cyber attacks.

The eight questions above should give you the basic ground to cover. But remember that they are not the end-all-be-all. Make sure you’re constantly revisiting your risk assessment and updating your cyber security strategies.

One way to do that is by training your employees to be your business’s cyber security heroes. Get a copy of our recent report and learn how to turn your employees into your first line of defense.
