BIO-key Blog

It's Time to Ask Your IT Team These 3 Cybersecurity Questions

Written by BIO-key Team | Oct 18, 2021 2:05:00 PM

As we have learned throughout Cybersecurity Awareness Month, cybersecurity is top of mind for everyone. The headlines throughout the year about cyberattacks, especially ransomware, on major organizations including Tyler Technologies, SolarWinds, Colonial Pipeline, JBS, and Kaseya heightened awareness that an attack can happen to anyone.

However, when discussing cybersecurity topics such as multi-factor authentication (MFA) with experts and professionals from different industries, it was clear that there is a gap between the concern about becoming a victim of one of these attacks and knowing how to prevent them. When asked, many users confirmed that they used passwords to access their devices, systems, and data.

For Cybersecurity Awareness Month, we know that all of us as users are responsible for putting preventative measures in place, as hackers can use any user as an entry point to the whole organization. Therefore, to #DoYourPart and say you are #IAMCybersmart, users need to cooperate with one another to be successful.

So, if you are a high-level executive - this blog is meant for you. Below we have written down three key questions you should be asking your IT teams as you all work together to make sure your organization is secure.

QUESTION #1: Why are we still using passwords?  

Consider your day-to-day work with your organization. Do you use passwords to log into your email? How about confidential data? Applications? VPN? Most users rely on passwords, and yet passwords have been proven to be the weakest link in security time and time again. For example, one of the most devastating attacks from this year was the Colonial Pipeline ransomware attack, which started with an old, previously compromised VPN password.

With passwords as a known vulnerability, it is time to ask your IT team why you are still using passwords and how you can avoid relying on them as the only way to log in, especially to critical systems and data.

QUESTION #2: What is our ransomware response plan? 

As mentioned above, ransomware has become one of the most common attacks, targeting multiple industries and critical companies on a regular basis. Now, many companies have to think of ransomware as a matter of when, and no longer if.
 
It is important that everyone knows the “fire drill” that will be necessary when an attack occurs. Being able to detect and respond quickly to an attack is essential so that the damage can be controlled and systems can get up and running again as soon as possible. Just as you have a disaster recovery plan for natural disasters, it is critical that your IT team has a ransomware response plan that is communicated to all employees.

QUESTION #3: Are we at risk of losing our cyber insurance?

Over the past 18-24 months, the rate of ransomware attacks and the amount of ransom they demand have skyrocketed. With cyber insurers taking on the majority of the cost of these attacks, they are enforcing stricter requirements and asking for evidence of proper cybersecurity controls. They often look for ransomware protections and IT risk management, and require multi-factor authentication (MFA) as a baseline for any cyber strategy. Without these controls, you could be at risk of being penalized with a higher premium or losing your insurance altogether.
 
Make sure to work with your IT team to understand what cyber insurance you have (a key part of any ransomware response plan) and what requirements you must meet to maintain your insurance and/or a lower premium.

A First Step: Multi-Factor Authentication (MFA) on ALL Accounts  

These conversations and questions are ones that you should be having on a continuous basis with your IT team. While each of the answers to these questions may be complex, one cyber defense is able to address all of them. That’s multi-factor authentication (MFA).   

MFA can quickly add a layer of security to any password-based login, prevent ransomware and its spread, and meet the baseline requirements for cyber insurers.

Everyone is Responsible for the Cybersecurity of the Organization  

With cyberattacks skyrocketing and every company continuing to be a target for cybercriminals, all of us need to start thinking of cybersecurity as our responsibility. As high-level executives, it is important that you help bridge the gap between you and the IT team by asking key questions, having tough conversations, and taking action to keep your county safe. MFA is a great way to begin securing your county so you stay out of the headlines as the victim of the next attack.