Do all of your users follow this critical security control, verifying their identity with more than one factor when logging in to email, VPN, and critical system access?
When was the last time your organization thought out, and documented, a plan for how to identify, respond to, and recover from a cyber security incident? Do you regularly test it?
Do you require a VPN, remote access gateway, or network filtering device to access your internal network?
Are you encrypting your data and storing it in a truly immutable, air-gapped environment, physically isolated from your network?
What processes and protections do you have in place to make sure that legacy systems or hardware that are no longer addressed by security patches are no longer in use?
Are you using EDR solutions with machine learning that identifies and blocks ransomware and malware, mitigating threats that haven't even been identified yet?
Have you configured your capability to generate logs and send them to a centralized platform or SIEM solution so you can identify the threat and analyze what happened?
What tools are you using to educate your staff about the latest real-world risks of phishing and social engineering attacks?
What policies and mechanisms do you have in place to make sure software updates are taken care of promptly? Can you prioritize risk when new exploits are released?
Do staff use a password manager with MFA to generate and store strong, unique passwords? Are employees limited to access only the systems and applications they need for day-to-day responsibilities?