Seven-point cybersecurity assessment: Identify your organization’s digital risks

March 15, 2021 Article 3 min read
Joe Oleksak
Are your information security controls as effective as you intend them to be? How often do you evaluate the strength of your network and identify potential risks? Assess the strength of your organization’s cybersecurity program via our seven-point assessment.

Graphical display of seven point cybersecurity assessment.

Are you working aggressively to protect your information systems and data, yet you’re still unsure of the effectiveness of your security controls?

These seven areas can shed light on how well you’re protecting the confidentiality, availability, and integrity of your information and IT assets, as well as compliance with various security and privacy regulations.

By strengthening these seven areas, you can prevent a cybersecurity incident from happening to your company.

1. Users: Train users & assess their risks

To perform their day-to-day functions, users are provided with access to your systems and data. These users can present a high risk to your organization, mostly from negligent practices such as using weak passwords, downloading indiscriminately, and falling for phishing attacks. It’s important that you properly on-board, train, and hold your users accountable for their actions on information systems. This includes regular review of your on-boarding and termination processes, system access rights, and user awareness training.

2. Network: Monitor & defend against evolving cybercrime

Your network is an interconnected group of systems that communicate and operate together on a technology infrastructure, including software, hardware, services, and other resources. Your network should be hardened through proper configuration and separation from public networks. It should also be periodically tested and continuously monitored to help detect and defend against potential cyber incidents.

3. Access: Review user permissions annually

Access refers to your users’ permissions and how they are restricted based on roles and responsibilities. Permissions should be reviewed annually, and access levels granted, revoked, or changed according to each user’s duties.

4. Vendors: Protect vendor data

Third-party service providers support your organization’s operations with IT services. Your organization should have vendor oversight to ensure no vendor security breaches take place and any data shared with vendors is duly protected. This includes a process for vetting vendors and their roles and responsibilities and reviewing vendor contracts for cybersecurity disclosure notification language and confidentiality clauses.

5. Incident Response: Prepare for, respond to, & recover from cyberthreats

Your organization should have a tested process and plan in place to respond to a cybersecurity incident. Without a formal plan, your customers, employees, IT systems, and even brand can be negatively impacted. Your incident response team should include representatives from all major departments and internal or external legal counsel.

6. Emerging technology: Assess all connectivity points

The technology landscape is constantly changing as businesses become increasingly advanced and connected through various devices. Your organization should plan for the security risks these new technologies bring. This includes reviewing mobility, remote connections, cloud computing, and other connectivity points.

7. Common threats: Defend against phishing, malware, & data loss

Cybersecurity incidents are constantly evolving, and the impacts are becoming more severe. Common threats include phishing attacks, malware, account hijacking, removable media, denial of service, and intellectual property (IP) theft. You should proactively evaluate your organization’s safeguards to ensure you have protection from these common threats.

This thought-provoking exercise is crucial; without it, you simply can’t know if you have the correct controls to diminish the perceived risks. With our help, you can get ahead of unforeseen problems by using the results of our seven-point cybersecurity assessment to develop strategies that strengthen the areas presenting the most risk to your organization. Contact us to start the assessment process now.

Cyberthreats: It's not if, but when

Watch our expert, Sarah Pavelek, as she shares the top five cybersecurity concerns that executives should be looking out for.
