Three important cybersecurity questions to improve your risk management now

Whether you’re a CIO or CEO looking into cybersecurity steps you can take to secure your overall enterprise, there are an array of questions that can help you pinpoint where you stand at the moment and what’s next, we’re going to give you three to start off with.

This knowledge is especially important if you haven’t conducted a security assessment or health check of your existing cybersecurity posture, which is actually quite essential to being anywhere with risk management.  Unfortunately, experience has shown us that most companies have not conducted such an assessment (we talk about this in our blog post on Conducting A Security Assessment if you’d like to take a look and find out more on the topic).

As a CIO reading this, we assume you are looking for ways to improve what you’re already doing, and these questions can definitely be of guidance.  As a CEO reading this, we assume you’ve become concerned with cybersecurity because you realize the importance of it, but you don’t know where to start.  Whichever the case, these series of questions will get you to know what actions you can take.

  1. One of the first questions you want to ask yourself is: How many business-critical pieces of infrastructure are using outdated technology?
    • Outdated technology represents risks for a number of reasons, one of which, the fact that they aren’t receiving patches or updates that can remove vulnerabilities hackers have learned to exploit (or will learn to exploit) and use to get into your network.
  2. Another question that you need to answer is: How many devices are connected to your network (internally and externally)? As well as, what privileges do those devices have to your network and data, and if it’s user-based access, what types of permissions do those users have, and access to exactly what type of data and parts of your network are granted through those permissions?
    • Any device, from mobile phones to printers, and any apps installed on those devices that are used for client management and/or team collaboration need to be accounted for because they are a means in (inside your network) for cybercriminals.
  3. A third and very important question (this may make you laugh, which is exactly why it’s such an important question): Do you have a website?  What custom management system (CMS) do you use? Is it WordPress, Joomla, Drupal? Do you know what plug-ins you use on the backend of your website? 
    • Did you know that over a quarter of all the major CMSs use the old and outdated MD5 hashing scheme as the default for securing and storing user passwords?  And that if you haven’t changed these default settings by modifying the CMS source code, your user passwords are at risk in the case a hacker steals your site’s database?

Based on these three questions, you now have a good idea of what areas you want to work on with cybersecurity in mind; well, at least those areas you use to conduct day-to-day business.  There are more areas of concern like: all of your third-party service providers such as your cloud provider or the data center you use; also if you have a server in the office; a storage facility with records and/or business data that holds sensitive information; and so on. 

Starting with what we’ve made clear to you through these questions at least you can get going with cybersecurity in those areas that are regularly at risk and that you need in order to be operational.  This should give you some sense of security that you’re actually working towards security.

But, if you find yourself at a loss on what’s next, you can always get in touch with us; or it’s definitely time to find an expert IT security professional that can help you begin this long-term and very important journey toward defending your data assets and business from cybersecurity risks.

To get in touch with NCX Group, feel free to schedule a time to talk!  Click Here

And if you’d like to get started through our recently added free MyCSO Cybersecurity Training offering for SMBs, which provides you with a health check, here’s the link: https://training.ncxgroup.com/free/

 

Photo courtesy of Who is Danny

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    About NCX

    NCX Group is committed to helping our customers identify and mitigate the risks inherent in today’s interconnected environments and business processes. NCX realizes that when it comes to helping businesses protect their critical information assets, the stakes couldn’t be higher.

    Company

    Services

    Copyright ©2025 NCX. All rights reserved