July 7, 2021

Two Questions to Ask Yourself to Assess the Security of Your Systems

Cybersecurity is relevant now more than ever. It’s in the news every day and many of us are faced with the same reality—there's no end in sight. Whether you’re in the cloud already or still working on traditional servers, these risks and incidents apply to everyone. Security threats impact not only your business continuity, but also your potential customers, your reputation, and your mission.  

It falls on leaders to carry the weight of a secure IT environment. So, how can you actively protect your businesses’ assets and find some peace of mind?  

Ask yourself these two questions when evaluating the security level of your systems: 

1. What're you trying to protect?

If you’re not sure, consider taking these next steps: 

  • Sensitive Data Discovery: Identifying sensitive data and where/how it is stored is an important first step in knowing what your risks are and how to stay protected.
  • Data Classification Program: Once you know what your sensitive data is, establish a data classification policy and program to clearly label sensitive and unsensitive data so that proper controls can be put in place. 
  • Risk Assessment: The next step is to perform a Risk Assessment, where the vulnerable/sensitive data and systems are evaluated against possible threats. 

2. What are the biggest security threats to your systems?

Potential threats might include phishing attacks, malware, viruses, etc. You can identify threats by running:

  • Risk Assessments: Again, Risk Assessments are important to identify exposures and vulnerabilities. In the security world, exposure times vulnerability equals risk. E x V = R...facts!
  • Vulnerability Assessments: Use tools to scan for attack vectors. I often see clients jump straight into external penetration testing, which I analogize as inviting someone to break into your house without checking to see if your doors are locked first. You want to have a third party verify your security controls, not discover vulnerabilities. 
  • Specific Subject Security Assessment: Infrastructure, application, cloud, etc... These are low-level and deep subject assessments on specific pieces of your security puzzle. How are your cloud environments protected? How does this flow into the way your application is protected? A specific assessment goes deep into an area to provide recommendation and remediation strategies. 

Are you confident in your ability to detect and respond to these threats today?

If you lack confidence in your current security measures, consider identifying what to protect and what your biggest threats are. Not knowing could potentially put you, your team, and your customers at risk.

We offer assessments and security expertise to protect our clients and instill peace of mind. Whether you’ve been audited, hacked, faced with new regulations, or frankly just worried about increasing cybersecurity threats—we can help. Shoot me a message for feedback on your current security measures. We'd love to provide the confidence you need to keep moving forward.


Don Mills

Chief Security Architect
View profile