TIME TO READ: 5 MINUTES
If you put your company's network up against a team of hackers, how would you fare?
Everyone has a hard time answering this question. Most would say, "I'm not sure," or, "I think we'd be okay."
Why? Because it's often hard to quantify just how "secure" you are. The most common measurement of cybersecurity is that you haven't experienced a cyberattack yet. Not exactly a reassuring standard, we know.
A favorite client of ours likes to say “You can’t manage, what you can’t measure.” So, we decided to help quantify IT security for you.
We've created an IT Security Report Card!
This report card uses points, assigned by important cybersecurity tasks, to measure how safe you are from cyberattacks.
How to Use the Report Card
We designed the report card (below) so it only takes 5 minutes to go through. You can follow along with a notepad, or download & print this PDF version to tally your score.
If you're not sure about an answer, ask a member of your IT team.
Here's the report card. Each item earns a certain number of points, weighted by its relative importance to your network’s security. How does your company score?
THE PLANETMAGPIE IT SECURITY REPORT CARD
Add up the points for every security solution you currently have in place to see what kind of cybersecurity shape your company is in. Maximum score is 39.
- Our company has implemented cloud backups for all of our critical servers. The backups are encrypted with versioning and are hosted in two geographically-separate locations. (USB hard drive backups or backups to the same server are not considered safe backups.)
For our Office 365/G-Suite accounts (if applicable), we run a third-party cloud backup.
- We have cloud backups of all of our critical workstations. The backups are encrypted with versioning and are hosted in two geographically-separate locations. (USB hard drive backups are not considered safe backups.)
- We have business-grade network gear (routers/firewalls/switches), such as F5, Extreme, Juniper, and Cisco.
- We have a hardware VPN solution in place (such as Pulse Secure) for remote access to our internal network.
NETWORK SECURITY TESTING
- We perform quarterly network vulnerability testing (such as Qualys) to analyze our network and servers for potential exploits.
EMPLOYEE CYBERSECURITY TRAINING
- We require that our employees take cybersecurity training once a year.
EMAIL FILTRATION / SPAM PROTECTION
- We use third-party email filtration software (such as modusCloud) to reduce our risk of exposure to malware and ransomware threats.
- We have an Endpoint Protection Platform (EPP) solution (such as Malwarebytes, Norton, Sophos, Kaspersky) running on our servers and workstations.
- We employ an Endpoint Detection & Response (EDR) solution (such as SentinelOne) that uses Artificial Intelligence to detect threats by behavior, isolates them safely, and removes them from our servers and workstations.
- We have a policy that enforces disk-level encryption on all workstations in order to safeguard company data in case of device loss or theft. (i.e., Bitlocker, FileVault).
- We religiously catalog all decryption keys in Active Directory.
MOBILE DEVICE MANAGEMENT (MDM)
- We secure our company’s mobile devices with an MDM solution that provides anti-virus and locking/wiping services in case of device loss.
MULTI-FACTOR AUTHENTICATION (MFA)
- We employ multi-factor authentication as an extra security layer to help ward off spoofing attacks that attempt to steal employee usernames and passwords. (MFA is especially important for Office 365 and G-Suite users.)
How did you score? Use this chart to determine.
- A (38-44 Points): Top of the class! Your company has strong cybersecurity, and
you are well protected from cyberattacks.
- B (28-37 Points): Your company’s cybersecurity is above average but there’s still room for it to be stronger.
- C (18-27 Points): Your company has average cybersecurity, which by today’s standards doesn’t mean you’re safe.
- D (9-17 Points): Definitely room for improvement. Take a look at where you fell
short and give PlanetMagpie a call.
- F (0-8 Points): Failing score, which means you're a prime target for cyberattack Start implementing more security, pronto!
IMPORTANT TIP: If your company doesn’t currently have Cyber Insurance, you should seriously consider it. The higher you rank on this IT Security Report Card, the lower your insurance rates will be.
Now You Know How Secure Your Network Is. Does it Need Help?
As we said in last month's article, ransomware attacks keep going up. The more secure your network is, the better it can repel attacks from ransomware, from hacker gangs, and even from DDoS attacks.
If you have a high score, give yourself a pat on the back. You're in good shape, and we're glad to hear it. If you had a low score however, please give the scorecard to your IT team and ask for a security review.
Do you need an IT Security review? Request one from PlanetMagpie's Support team on our Quote Request page.