Cybersecurity Readiness

by UHY LLP

As the leader of your staffing organization, the future wellbeing of the company rests on your shoulders, and that includes the security of your network, your data, and your customers' proprietary information. Every week the news carries reports of companies that have suffered cyber-attacks. You may think it will never happen to you, but there is a good chance it could.

Since you are most likely not an Information Technology (IT) expert, here are six key questions you can use to start a discussion with your IT team about your current cybersecurity readiness.

1. Do we have a robust incident response capability in place?

What you want to hear

Yes, we have software that raises alerts, and possibly a third-party provider that monitors our systems around the clock and responds by quarantining or otherwise isolating affected machines.

Warning sign

No, we do NOT have anything in place to monitor anomalous or known bad activity on servers, workstations and laptops at all hours.

What can be done immediately

At a minimum, IT should consider deploying a next-generation endpoint detection and response (EDR) tool. This type of software is quick to deploy and provides the visibility and alerts needed to quarantine infected machines and limit the extent of the disruption. A better option adds a trusted monitoring company that takes active response steps on your behalf, rather than only alerting you.

2. Do we have a program to scan our network and applications for vulnerabilities?

What you want to hear

Yes, our company has a regular program in place to scan our network, applications, web services, and networked devices, both from inside the network and from the internet.

Warning sign

No, we do NOT regularly scan our network, software applications and device configurations.

What can be done immediately

Attackers are ready to take advantage of known vulnerabilities, and they scan for them continuously. Ask IT to run a vulnerability scan as soon as they can, then patch or otherwise remediate any critical and high-risk findings, starting with systems exposed to the internet. At a minimum, scanning should be done quarterly on internal assets and from an internet perspective. For the first few months, ask for the scan results and the list of what was fixed, so you can see the number of open critical and high findings going down.

3. Do we have good backups of critical systems, data, and configurations?

What you want to hear

Yes, in case of a cyber event, our company has good backups of critical systems, data and configurations, and we have tested restoring from them. The backups are stored offsite or in the cloud and are isolated from the production network, so they cannot be damaged or deleted by an attack on the network.

Warning sign

No, we have NOT demonstrated that we can restore operations from a backup, and/or the only copies of the backup files are onsite.

What can be done immediately

Work to minimize business continuity risk for your important systems. Confirm that every IT system is included in the backup solution and that restores are tested periodically, since a backup job reporting success is not the same as a backup that can be restored. Treat backup files as critical data: ensure the backups are segmented and isolated from the rest of the network, and that a full copy is stored offsite where no ransomware or malware that gets loose in your environment, and no compromised administrator account, can reach it.
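The check described above (every critical system covered, backups recent, an isolated offsite copy present, and a test restore that actually matches what was backed up) is something IT can evidence with a short script rather than a verbal assurance. The following is an added example, not code from the article or from UHY LLP. The inventory, the backup catalog, its field names (system, completed, sha256, offsite) and the sample restored file are all constructed for the example; a real run would read the inventory and the catalog exported by the backup tool.

```python
"""Backup readiness check: coverage, freshness, offsite copy, and restore integrity.

Added example. Data below is constructed; field names are assumptions about
what a backup tool's catalog export contains.
"""
import hashlib
from datetime import datetime, timedelta, timezone

# Constructed: the list of critical systems IT says must be backed up.
INVENTORY = ["dc01", "erp-db", "payroll-app", "fileserver", "vpn-gw"]

# Constructed: contents of a file we will "restore" to prove the copy is intact.
SAMPLE_RESTORE = b"ACME Staffing payroll export 2024-05-03\n"

# Constructed: catalog as a backup tool might export it. Each entry records when
# the job finished, a digest of the backup set, and whether an isolated offsite
# copy exists. erp-db has two entries so the check must pick the latest one.
BACKUP_CATALOG = [
    {"system": "dc01", "completed": "2024-05-03T02:00:00Z",
     "sha256": hashlib.sha256(b"dc01 system state").hexdigest(), "offsite": True},
    {"system": "erp-db", "completed": "2024-05-01T02:00:00Z",
     "sha256": hashlib.sha256(b"erp dump old").hexdigest(), "offsite": True},
    {"system": "erp-db", "completed": "2024-05-03T02:00:00Z",
     "sha256": hashlib.sha256(b"erp dump new").hexdigest(), "offsite": True},
    {"system": "payroll-app", "completed": "2024-05-01T02:00:00Z",
     "sha256": hashlib.sha256(b"payroll app old").hexdigest(), "offsite": True},
    # fileserver backs up nightly but the only copy sits on the same network.
    {"system": "fileserver", "completed": "2024-05-03T02:00:00Z",
     "sha256": hashlib.sha256(SAMPLE_RESTORE).hexdigest(), "offsite": False},
    # vpn-gw is in the inventory but has no catalog entry at all.
]

NOW = datetime(2024, 5, 3, 8, 0, tzinfo=timezone.utc)
MAX_AGE = timedelta(hours=36)  # assumed policy: a backup older than this is stale


def parse_ts(stamp):
    """Parse the catalog's UTC timestamps ('...Z') into aware datetimes."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def latest_backups(catalog):
    """Return the most recent catalog entry per system."""
    latest = {}
    for entry in catalog:
        name = entry["system"]
        if name not in latest or parse_ts(entry["completed"]) > parse_ts(latest[name]["completed"]):
            latest[name] = entry
    return latest


def missing_from_backup(inventory, catalog):
    """Critical systems with no backup at all, in inventory order."""
    latest = latest_backups(catalog)
    return [name for name in inventory if name not in latest]


def stale_backups(catalog, now, max_age):
    """Systems whose newest backup is older than the allowed age."""
    latest = latest_backups(catalog)
    return sorted(name for name, e in latest.items() if now - parse_ts(e["completed"]) > max_age)


def without_offsite_copy(catalog):
    """Systems whose newest backup has no isolated offsite copy."""
    latest = latest_backups(catalog)
    return sorted(name for name, e in latest.items() if not e["offsite"])


def restore_verified(entry, restored_bytes):
    """A test restore passes only if the restored data hashes to the catalog digest."""
    return hashlib.sha256(restored_bytes).hexdigest() == entry["sha256"]


def readiness_report(inventory, catalog, now, max_age):
    """Summarize the three gaps a leader should ask IT about."""
    return {
        "missing": missing_from_backup(inventory, catalog),
        "stale": stale_backups(catalog, now, max_age),
        "no_offsite": without_offsite_copy(catalog),
    }


if __name__ == "__main__":
    report = readiness_report(INVENTORY, BACKUP_CATALOG, NOW, MAX_AGE)
    for gap, systems in report.items():
        print(f"{gap}: {', '.join(systems) or 'none'}")
    fs = latest_backups(BACKUP_CATALOG)["fileserver"]
    print("fileserver test restore intact:", restore_verified(fs, SAMPLE_RESTORE))
```

Run as a script, the report names vpn-gw as missing, payroll-app as stale, and fileserver as having no offsite copy, and confirms the fileserver test restore is intact. The digest comparison matters because a restore that completes without error can still return corrupted or partially encrypted data; comparing it against a digest recorded at backup time, stored with the offsite copy, is what turns "we have backups" into "we have tested them".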

4. Do we have an incident response plan for a cyber-attack?

What you want to hear

Yes, our company has a solid plan in place that has been regularly tested and our employees understand their roles and actions depending on the situation.

Warning sign

No, there is NO cyber-attack or overall incident response plan.

What can be done immediately

You can't wait for a cyber-attack to occur to build an incident response plan. At a minimum, identify whom your employees must contact if a cyber incident is happening, including after hours. Document the actions expected of each role during an incident, and run tabletop exercises of the plan before a real event occurs. You may also want to consider a cyber 911 call service that can quickly focus the incident response activities on stabilizing the environment and beginning recovery.

5. Do we have an employee security awareness program?

What you want to hear

Yes, our employees are our first line of defense, and we have a continuous training and phishing-testing program in place so our staff stay alert and vigilant.

Warning sign

No, our employees do NOT understand the extreme threat that phishing emails can pose to our company.

What can be done immediately

Phishing emails remain the easiest and most likely way for an attacker to get into your business to steal data, gain access to your internal network, or stage malicious software. IT or an outside vendor can build an internal program that trains employees to recognize suspicious emails, instant messages, text messages and phone calls, and that tests them with simulated phishing so the training sticks.

6. Do we have cyber insurance?

What you want to hear

Yes, we have a cyber insurance policy that clearly outlines what it does and does not cover, and we understand the carrier's role versus our own. For operational risks the policy does not cover, our company has put other controls in place.

Warning sign

No, we do NOT have a cyber insurance policy, or we have one but do not know what it covers.

What can be done immediately

Don't put your company's brand, your clients' trust and your future at risk. An insurance broker can provide guidance on a policy and help you decide how much cyber loss you are willing to carry yourself. Ask specific questions about which losses are covered, including public relations, ransomware payments, incident responders, and digital forensics, and about any conditions, such as required security controls, that could void coverage.
