Do you know what the costs for your business to respond to & recover from a serious cyber incident?

What is your cost to repair your online presence, or to replace your entire site or mobile app?

Or, what would be the cost to hire rapid resources at last minute to remedy your cyber incidents?

Do you know the cost involved? The time it may take? Or the other impacted facilities that could also be cost burdened?

Can your business survive without digital resources; internet, websites, email, apps, etc.?

If your systems were interrupted or shut down by intrusion or technical issues, how long could all/some of your business functions operate before your clients are affected?

Or the costs and resources of your business are affected?

Can you still operate with your website down, CRM intrusion, email hacked, or any of your digital systems affected?

Do you know what data and IT systems your business needs to keep operating if exposed to cyber breach?

Can you survive with a third party email account like Gmail?

What about your social media accounts and websites; what if they go down or are hijacked?

Do you know what you will need as a resource minimum for your business to continue operating and survive?

Do you know who has access to your business systems and data?

Are you aware of your personnel that has access to your systems and data?

What access do former staff or contractors have, or still have access to?

Are there any former staff that have access to your systems, and have they been removed from access privileges and their email accounts have forwards and allocation correctly?

Do you know how your digital assets are protected?

Are you, or your IT administrators able to understand your minimum security and protection systems for your digital assets?

It's a simple question, however should involve an informed answer.

Are all computers protected by a properly configured firewall?

Are firewalls configured correctly on your systems?

This includes PC's and devices connected to your network.

Have your firewalls ever been switched off to allow for applications and hardware to connect to your network?

Do you have policies in place to ensure safe and proper use of internet and email?

Are your staff aware of your operating procedures and practices for internet and email access and usage?

The majority of system issues can be contributed to staff opening malicious emails and attachments, as well as browsing non-work related sites and applications.

Are staff prevented from installing software without prior approval?

Many devices are not restricted from downloading software and applications automatically. Updates should only be on an automated schedule (outside of work hours) and device users, (staff & contractors) should be restricted from accessing and installing software without a network administrators assessment and approval.

We see large amounts of vulnerabilities and issues caused by staff installing software without proper knowledge of it and administrator permission.

Do you have controls in place to ensure authorised access only?

Are logins shared for some applications and software?

Are some staff or contractors granted access to systems with poor credential management?

Do you have 2FA (Two Factor Authorisation) on hardware and/or your key software and cloud storage?

Do you have sufficient credential and password management?

Are your passwords multi character, symbol based, and more than 12 characters?

Are they based on best practices for strong authority protocols?

Do you know where your critical business information and data is stored?

On internal computer systems, Australian based data centres, international data centres or cloud based servers?

A lot of our newer clients are not aware that their sensitive company and client data is stored on adequate servers, however are in offshore locations. There are significant risks associated to poor server and traffic management protocols.

Do you understand the risks associated with data held by your third party suppliers?

Not all businesses are able to store and utilise data on premises. Using third part software providers may allow for them to use your data for their own purposes.

Are you protected against risk and intrusion by needlessly exposing your data or your clients data?

Do you have backup measures and disaster recovery plans in place?

Is your data and digital presence (Websites, portals, apps, etc.) automatically backed up at regular intervals? Are you able to access this data rapidly and without restrictions?

Do you have an independent mentor to discuss your IT needs from time to time?

Are your IT services audited by a third party to ensure you have the best practices in place and are operating efficiently whom can assess works done by your internal IT administrators, or any third party providers used?

Do you regularly evaluate the market to ensure that your IT services are still the best ‘fit’ for your business?

Prices for services and equipment change as often as the hardware and software itself is updated. It's important to ensure that evaluations are conducted to ensure that you're operating with the latest technology for the most economical prices.

Does your anti-virus software address viruses, trojans, spyware, key-logging software and warns against suspect web pages?

How often is updated? When does it run on your systems/devices? Who monitors and maintains these systems? Is it effective at removing threats from incoming emails? Can you guarantee that your messages and files sent to clients is not infected with any threats?

Is your data restricted to only those staff that require it and only when needed?

Is your data restricted to role specific tasks?

Are staff able to access your entire database/s?

Is the data accessible from outside the office or in remote working environments?

Is any critical business data stored on easily-lost USB sticks or external hard drives?

Are systems restricted from transferring client records, contracts, data, etc. to external drives and portable storage?

Can your customer list be copied onto a USB drive by staff or contractors?

Have you considered cyber insurance as part of your cyber risk management strategy?

Are you aware of cyber-insurance?

Are you currently covered under your existing business insurance for protection from digital threats?

Will your insurer cover you against hardware/software issues? Against hacking and hijacking? Will they cover your recovery and rebuild costs?

Have you established a working relationship with an external IT specialist who is familiar with your business?

It is essential that you are able to call on resources and support swiftly and deploy solutions quickly. A trusted resource will be a massive benefit in an emergency as well as with general consultation.

Specialists familiar with your server setup and digital ecosystem need to be available on short notice, to fix urgent server, website, software and hardware problems. Saving selection processes and further errors and issues with recovery or just updates.