Cybersecurity Risk Assessment - Results
The Cybersecurity Risk Assessment is meant for informational purposes only and is not to be considered a qualified Risk Assessment. Only a comprehensive evaluation of your network and architecture can be considered a proper Risk Assessment. This survey merely helps you determine the next steps your organization might need to take to become cyber resilient and adequately secured. Please contact us to step through your results and help perform a holistic assessment and develop a working strategy to secure your business.
Password Security
Password Security refers to the controls placed on access to your network-connected devices, such as your workstation.
Password complexity combined with expiration is a very solid password policy and will thwart most password attacks. To further strengthen your security posture, consider adding multi-factor authentication (MFA).
File & Data Backups
File Backups refer to the procedure in place to safely copy critical business files and databases.
Automatic, scheduled backups that are encrypted and stored offsite are the strongest backup policy. Good job!
Antivirus Protection
Antivirus Protection refers to an endpoint-installed solution that protects against computer viruses, such as McAfee, Norton, or Avast.
Having antivirus on your endpoints can spare you a lot of headaches, but running manual scans leaves the protection up to the employee, which can mean it is left undone. Consider scheduling automatic scans and enabling real-time scanning to keep your endpoints healthy.
Acceptable Use Policy
An Acceptable Use Policy governs how employees use company resources and restricts certain activities.
Enforcing and auditing an Acceptable Use Policy is a strong procedure and ensures the highest level of protection for your organization. Good job!
Email Security
Email Security refers to the controls placed with your email provider to safeguard your incoming and outgoing email from threats.
Using antivirus, antispam, and antiphishing protection is a strong approach to email security. You are protecting yourself from 66% of malware delivery and thwarting the social engineering angle. Good job!
Security Awareness Training
Security Awareness Training refers to the on-site or virtual training conducted to educate employees on ongoing threats, including social engineering and phishing.
Most organizations perform annual Security Awareness Training, so you are in good company here. However, the effectiveness of training lasts only about 4 months on average. Humans are the weakest link in security, so providing training is important. Consider 2 or 3 security training sessions per year to keep your employees at their peak.
Firewall Defense
Firewall Defense refers to the controls used within your organization to keep external threats out while securing your internal network.
Having external, internal, and host-based firewalls is the strongest security posture for keeping your assets safe. Good job!
Intrusion Detection
Intrusion Detection refers to the ability to detect intrusions into your network and the ways you can discover them.
Protecting your network with an Intrusion Detection/Prevention System (IDS/IPS) and collating logs in a SIEM is the strongest security posture. Good job!
Personal Devices
Personal Devices refers to the ability to bring personal devices from home, such as a phone or tablet, and connect them to the corporate network over WiFi.
Allowing but restricting personal devices is the strongest policy to implement. In today's world, allowing personal devices access to an internet-enabled network is considered standard policy. To further strengthen this posture, consider implementing Mobile Device Management (MDM) to ensure these devices are free from compromise before they gain access to your infrastructure.
Workstation OS Patches
Workstation OS Patches refers to the procedures for keeping current with OS patches, updates, and hotfixes.
Performing manual patching of your OS and other software is a good starting point. Leaving the installation of critical patches to a manual procedure can leave room for forgotten updates and system compromise. Consider automatically installing updates on workstations (not servers) to increase the security posture of your organization.