Estimated Reading: 3 minutes
You may not of heard, but it is National Ask a Question Day! This day is marked to encourage anyone who has a question to do so. If you’re curious, concerned, unclear or seeking more information, now’s the perfect time to speak up!
(Quick fact: March 14th is also Albert Einstein’s birthday. He has been famously quoted as saying, “The important thing is not to stop questioning.”)
So, for those of you curious or concerned about cyber security, what questions should you be asking?
Great question! First of all, there are plenty of places to go to ask your cyber security question. Instinctively most of us just Google our query and usually get a few different solutions. You can also try and find a FAQ or forum relevant to your question and browse for similar questions. Usually a last result is finding a professional, like IT support or CISO, and asking for help. Never be anxious to ask someone a question even if you believe it sounds “dumb”. Technical support staff and CISOs are there to answer your questions and help you find solutions to any issue!
There are plenty of questions to go to support and CISOs for, like if you’re having trouble with a program or can’t find something you need off of a computer. But if you’re looking to understand more about a company’s cyber security there are some specific questions you should be asking that will give you a clear picture of how safe their information is kept.
How is high-valued information protected differently than low-valued information?A good compare and contrast question. With their answer you’ll be able to better gauge a) what the company considers to be valuable and b) how willing they are to keep that information safe. The more layers of security information has the less cyber criminals threaten it. If they do break through the first ring of defense and access the lower-valued info, their threat can be detected before they access more precious data.
What systems are in place to protect this information?If your perimeter is secure, then the data inside will be as well. So it’s good to know what kind of measures are in place to protect certain information. From firewalls to passwords, there are plenty of ways to keep information out of the wrong hands. Nothing can fully be “hacker proof”, but the more layers protecting something and the quicker threats are detected, the safer the information will be.
Will a threat or breach to security be detected? At what level of protection would a breach be realized?If an attack is detected in time a potential data breach may be preventable. IT personnel should be monitoring to see the first sign of trouble if it arises. But, if the security team isn’t trained to know what a threat looks like then it’s easy for cyber criminals to go unnoticed. If the company runs security testing then their employees should be able to spot and stop attacks.
What tests are being run to ensure security systems are working properly?Is penetration testing being performed? Are incident response times being monitored? Are employees being tested on identifying social engineers? If a company is responsible they will be testing themselves on their security strength. Because things are constantly changing and moving around in a company it is important to test over and over for any weaknesses in the security systems. This way, any unprotected parts can be covered in case of a real attack.
How are employees being trained to defend themselves against cyber attacks?You can’t fully depend on IT staff and CISOs to fend off intruders all on their own. It is easy for cyber criminals to take advantage of any employee through social engineering and gain access to information that should be secure. With the proper training and know-how, a company’s employees can be just as defensive as the IT staff when it comes to warding off potential predators. They should be ready to identify and report any threats that come their way.
You could wear your CISO’s ears off with all the different questions you could ask about cyber security. It’s important to know and understand how any security system in place is working to keep your data safe and it is a comfort to know that everyone in a company is properly trained to handle cyber criminals. It is everyone’s responsibility keep themselves and others educated when it comes to keeping information safe, especially during a time of so many possible threats. So, in honor of National Ask a Question Day, we encourage you to find your nearest information security expert and ask them a few questions!