
Six Cyber Security Questions to Ask Your Technology Team



Important Cyber Security Questions Every Business Should Ask

Cybercrime is a growing threat for practically all businesses and industries today. According to the 2015 Cost of Cyber Crime Study published by the Ponemon Institute, the mean cost of cybercrime to organizations that are victimized rose from $7.2 million in 2013 to $7.5 million in 2014 and $7.7 million in 2015.
Given the serious threat posed by cybercrime, Cadence Bank’s Chief Information Officer Tom Clark spoke on the topic of cyber security at the annual TEXPO conference in April. In his discussion, which he co-presented with Dell SecureWorks Senior Security Engineer Paul Orth, Clark identified six cyber security questions CFOs and business owners should ask their technology team:

1. “Where is the data that really matters located and what is its value?”

First, determine what specific data is most critical to your company. For example, if your business accepts credit and debit card payments from your customers, then customer payment information will be critical and should be protected to the greatest extent possible. Or maybe it’s corporate financial information, proprietary customer lists, or patents or trade secrets.
Next, find out specifically where this data resides (both physically and electronically) and how much it’s worth to your company. In other words, what would be the monetary loss or liability to your company if the data were stolen, compromised or improperly disclosed? Also be sure you understand any third- and fourth-party relationships that exist with the data.


2. “How do we back up critical data and where are the backups stored?”

A wide range of data backup options is available to companies today, both on-site and off-site, physical and in the cloud. So determine specifically how your data is being backed up and how frequently backups occur. Also find out whether your data backups are being encrypted to further enhance security.


3. “What are the layers of our cyber defense plan and how do they interact?”

A cyber defense plan should include multiple layers: data, application, host/computer security, network security, event correlation, physical security, identity and access management, and policies and governance. Your technology team should be able to explain each of these layers and how they all work together, as well as explain which threats are mitigated by each layer.


4. “How do we monitor for suspicious activity?”

For example, is suspicious activity monitoring done by qualified personnel on a 24 x 7 x 365 basis? Are key vendors connected to your network monitored? What about event aggregation and correlation and external intelligence and threat signatures?



5. “Does our cyber incident response plan include these key strategies?”

Cyber thieves today are relentless. The reality is that you could still be attacked despite your best efforts to prevent cybercrime. Therefore, your technology team should have in place a detailed cyber incident response plan that covers the following areas:
  • Business continuity after a cyber attack
  • Technical data and IT recovery post-attack
  • Forensic analysis to help determine the source and cause of an attack
  • Company reputation management to limit the public relations damage from an attack
  • Liability management to limit financial damage from an attack


6. “Who performs the information security function?”

For example, is this done by information security domain experts? Are these experts accountable to business leaders? And do they have support from qualified third-party partners when it’s needed?
During his presentation, Clark also identified the four most important components of a sound security program:
  • Prevention: This involves threat intelligence, visibility and testing.
  • Detection: What tools, processes and procedures will be used to detect cyber attacks if they occur?
  • Response: What kind of monitoring and analysis will be done to detect, identify, contain and eradicate cybercrime threats?
  • Prediction: Anticipating threats will help you contain cyber attack activity and limit any potential damage.


This article is provided as a free service to you and is for general informational purposes only. Cadence Bank makes no representations or warranties as to the accuracy, completeness or timeliness of the content in the article. The article is not intended to provide legal, accounting or tax advice and should not be relied upon for such purposes.
