Are You Cyber-Aware?

October 2017


In today’s complex business environment, mastery of strategy, operations and technology is a requirement for every business leader. Protecting and preserving the things that have made your organization successful starts with understanding what makes it vulnerable. Below are ten questions you should consider when it comes to your organization’s cybersecurity.

1. Has your company defined and prioritized your most valuable information assets? 

2. Has your company developed a cross-functional cybersecurity risk advisory committee? 

3. Have you performed vulnerability and penetration tests on your company network within the past year?

4. Does your company provide annual or more frequent cybersecurity education and training to its senior executives, board of directors, and employees?

5. Does your company have an incident response (IR) plan in place? If you answered yes:
  • Does your IR plan contain the details of data breach notification guidelines for senior executives, the company board of directors, and law enforcement?
  • Does your IR plan define your company policy for the payment of a cyber ransom?

6. When employees access your company network, do you require multi-factor authentication?

7. Is your organization’s network monitored 24/7/365 via a Security Operations Center (SOC)?

8. Do your company’s Information Technology (IT) policies on the timeliness of security patching for operating systems and software applications require that a patch be applied within 72 hours of the date the software security patch is released?

9. Is your current budget for information security hardware, software, and services less than 10 percent of your overall Information Technology (IT) budget? 

10. Does your organization regularly evaluate its cybersecurity risk management program and the effectiveness of its controls? 

If you answered no to any of the questions above, we strongly advise you to contact a member of BDO’s cybersecurity team. We can help you take steps to safeguard your organization and mitigate your cyber risk exposure.
 

For more information, please contact:

Gregory Garrett
Head of National Cybersecurity

John Riggi
Head of Cybersecurity and Financial Crimes

Eric Shirk
National Leader of Digital Forensics and Cyber Investigations

Jeff Ward
Third-Party Attestation Practice Leader