#justfrigginask – Business Security (cybersecurity) FAQ

1. We have implemented endpoint protection. What else do I need to do to be a more secure organisation?

Endpoint protection is probably one of the most basic cybersecurity requirements of an organisation, regardless of its size or capability.

The most basic cybersecurity protections are endpoint protection, firewalls and the Essential 8.

Implementing them can make you more secure without a huge outlay in training and money.

2. We are a small organisation with 25 staff, what is the best way to secure our organisation?


Work out risk

Mitigate the risks

Implement a framework

Create resilience

3. Business security seems to be a complex process. What is the best way to keep my small business secure when I do not know where to start?


The Essential 8

CBSS

Risk

4. There is a huge number of digital risks and threats to my business. How can a small business manage the risk within its digital environment?

5. One of my accounting staff was asked to change the banking details of a client and did it without asking, and we paid $12,000 to a fraudulent bank account. How do I stop this from happening again?

6. What happens to my staff if I focus on their awareness training and they then leave the company?

7. We get overwhelmed with vendors trying to sell us the next silver bullet solution. How do I know what is good and what is bad?

8. One of our supply chain companies has come to us and told us we need to implement a security framework and have a rating of over 2.5 before they will share information with us. What are they talking about?

9. I am scared that one of my staff might open a ransomware email, and I do not know what I need to do to make sure we are more secure?

10. I get so confused about what I am supposed to be protecting. Is it cybersecurity, data security, information security, digital security or business security?

11. Why are passwords so important and how can I make sure that my team are doing the right thing?

12. We have moved to cloud-based systems. Why is it so important that we use 2FA to access the data?

13. We have commissioned a web developer to build a new website and eCommerce site. How do I make sure that it is as secure as it can be?

14. We have recently moved our business operations to a cloud-based system. How do I make sure that the critical data is secure and well protected?

15. We do a regular backup, but there are significant gaps in our disaster recovery and business continuity. What do I need to do to make sure my organisation can get back to business as fast as possible?

16. I have heard that business security is layered protection. What does that mean and how can I achieve it?

17. We have implemented endpoint protection, the Essential 8 and a decent firewall. How would I know if they have failed and I have a criminal inside my network?

18. I am concerned that my team and I would not know what to do if a criminal did get past our first and only line of defence. What would I need to do if we suspected that we had been breached?

19. I have a small team and I do not want the additional role of information security person. How do I build a secure organisation without the exorbitant cost of employing a dedicated cyber person?

20. We are a small company but we do have regulatory and governance components that we have to adhere to. How can I comply with these requirements when I do not know what I specifically need to do?

It does not matter if you have the next best thing.

If you do not protect your intellectual property, finances, revenue streams and staff from a cyber event, then you will fail in your business endeavour.

The questions above, and those that follow, have been asked over the last 3 years.

  21. 3 years ago we implemented a number of business controls including disaster recovery and business continuity plans. I know we have not tested them since. How can I make sure that these systems are going to work in a real situation?
  22. What are the security threats to our business and what do I need to do to protect the company?
  23. I was having coffee with a friend of mine who is a CEO of an organisation and he said that all this cyber stuff is just a beat-up.  Should I believe him?
  24. The board are reluctant to spend money on business security because there are always more pressing decisions to be made. How do I get them to buy into the fact that doing nothing not only exposes the organisation but also themselves to personal liability?
  25. I know what I need to do to secure the business. We have limited money and expertise but I know that we need to do something to reduce our exposure. What is a ballpark figure of how much we should be allocating to business security?
  26. We have been told by our insurance broker that getting cybersecurity insurance will save us if we get targeted by a criminal. Is this correct?
  27. How do I know what compliance requirements are needed for our data? How do I find out and how do I implement the requirements?
  28. We started as a small company and everyone knows what everyone else is doing. We have grown substantially in the last 12 months. How do I implement business controls into the business?
  29. I have been told that there is a significant difference between IT and security. What are the basic requirements that any IT department should be implementing to get our organisation to a better level of security?
  30. When it comes to business security I have heard that my staff can be my greatest asset or my biggest problem. How do I know where they are and how can I improve their knowledge?
  31. I am having problems with understanding how the criminals target us. What are my vulnerabilities and threats to the business?
  32. My IT department often tells me that they do not have the funds or the expertise to protect the organisation from a targeted attack. What do I need to do to improve that situation?
  33. I have often heard you talk about business security. What do I need to do to protect the business from a cyber threat?
  34. How is it possible to hack my computer by sending me an email? Is this just more scare-mongering?
  35. We are implementing a number of internet of things devices (IoT) and we are just plugging them into the normal corporate network. How can I improve the security around these devices?
  36. We have found a number of unauthorised devices on our network. What risk do these devices pose to the business?
  37. I am concerned with our sales manager and I believe that he is leaving to work with a competitor. How do I make sure that he does not leave with any intellectual property or trade secrets?
  38. We are doing a lot of collaboration work with other companies but their data security seems to be bad. How can we work with them and protect our data?
  39. We have just invested heavily in technology and technological controls but we still had a data breach.  Why would that happen?
  40. We have a large amount of data that we have collected over the last 5 years. How do I ensure that it is protected correctly?
  41. I have been trying to get comprehensive buy-in on business security from stakeholders, especially the board, but have failed. How do I change their attitude?
  42. We seem to have a data leak within the organisation and we do not know where it is coming from. Are there any controls I can implement that would show me what is happening?
  43. We have a social media presence (doesn't everyone?). How do I ensure that sensitive information is not published on social media?
  44. I have been told to spend more on cybersecurity, but we have a limited budget. How can I spend less but increase protection?
  45. From a business perspective, how do we protect our value chain? How do we lead the company in security when we do not know what we need to do first?
  46. I have completed the diagnostic tool and the report indicates we have a few issues. What is the baseline for business security and what do I need to do to get to that level?