HOW SECURE IS YOUR BUSINESS?

Cybersecurity Readiness Test: Will your company pass?

1. What data is most important to your organization, your clients and your consumers?​

2. What are the cybersecurity threats and technology risks to your data and business?

3. Where is your data and how is it used?

4. Who has access to your systems and sensitive data? What access do they have?

5. What regulatory or industry standards related to cybersecurity are applicable to your business?

6. Do you have a cybersecurity or information security program? 

7. Do you have policies that prescribe the use, protection and disposal of information assets? What are the consequences for noncompliance?

8. Does your staff understand their responsibilities in protecting sensitive information?

9. Do you have a named Chief Information Security Officer (CISO), or an individual responsible for the cybersecurity function? (NYS DFC 23NYCRR500)

10. Do you outsource technology functions? Do you send sensitive data to third parties?  Do you know how data is protected, utilized, and disposed?

11. Is your technology cloud enabled?  Do you know the cloud provider's security responsibilities? Do you know your security responsibilities?

12. Do you have anti-malware and data loss prevention capabilities? Do you monitor them?

13. Have you ever had a penetration test?

14. Are you monitoring access and activity on your infrastructure and applications?

15. Can you detect a data breach?

16. Do you have a documented incident response process?  Do your vendors?

17.  Can you function if your technology is not available?  Do you have a recovery strategy?