I want to show you how to find out if your company is at risk for a cyberattack.
This year has been one of change for most companies, and that change has brought about risk.
With more people working from home, most companies were not prepared for the security challenges that working from home created.
One of the main problems this created was new ways for “bad actors” to infiltrate and attack your systems. Adding to that, most people haven’t recently conducted a security assessment / security audit.
If you want to figure out if you’re at risk for a cyberattack, ask yourself these questions:
- Do you have a complete handle on all of your security controls?
- Do you know if you have all the right security controls in place?
- Do you fully understand what all of your security controls do?
- Have you changed your security controls since the start of the current “Covid environment”?
- Have you updated your security plan in the last 3 months?
- Have you conducted a security audit in the last 3 months?
- Would you be able to prove/show an expert that your systems are secure?
- Can you say with high confidence that every security control you have in place meets your company’s needs and risk profile?
If you answered “no” to any of the questions above, you should consider conducting a security assessment soon. If you answered “no” to more than one question above, you should conduct a security assessment now. And if you answered “no” to all of the above, you have serious security concerns and your company may be easily attacked.
It’s easy to think that your current security controls have you covered. However, recent news shows otherwise: ransomware attacks at Grubman Shire Meiselas & Sacks law firm and SEI Investments had a significant impact on their businesses.
Here’s what is important to note: both companies thought they had adequate security controls in place.
Then, the last question you should ask yourself is: could your business survive a ransomware attack or any other cyberattack? It doesn’t have to be a high-profile attack to knock your business out for days/weeks and cost you a LOT of money. Can your company take the financial hit?
Regular security assessments will ensure your company has up-to-date controls that have been tested, which is another important step. You need to test your security controls, backups, etc. regularly to ensure they work. Many companies never test their security.
When conducting a security assessment / review, make sure you do these five things:
- Get a clear picture of what controls you have in place now, what they do and don’t do, and what they prevent and don’t prevent.
- Develop a detailed roadmap that shows you how to correct the weaknesses/vulnerabilities and provides clear plans on how to make those corrections.
- Transform your security controls, meaning make sure the changes take place.
- Put meaningful metrics in place so that you always know where you stand and are monitoring them on a regular basis.
- Finally, schedule regular reviews of your security controls to ensure they are always up to date. At a minimum this should be done quarterly.
We developed a proprietary system called the ROI Transformation Method that takes you through each step above. The actual security assessment is just the first phase in the process (which we call ROI Assessment) and is meaningless unless you conduct the other 4 phases in our method. Without completing all five steps, you won’t have maximized the ROI you are getting from your security controls, nor will you have minimized your risk of an attack.
An ounce of prevention now will prevent pounds of pain down the road. You don’t want to find out the hard way that your company was not as well protected as you thought.
If you’d like to learn more about how the ROI Transformation Method can help you maximize the ROI of your technology while minimizing your tech and security risk, reach out to set up a quick call.