MiMfg Magazine, April 2018, page 18
Three Questions to Ask Your IT Staff About Cyber Security
By Joe Malott • Yeo & Yeo Computer Consulting
In many organizations and companies,
the president, CEO or CFO has the difficult
responsibility of overseeing the IT department,
if the company has one at all. We understand that
it can be challenging. Your role is focused on
business strategy, so we don’t blame our clients
when they share the disconnect they feel they have
with their internal IT departments. Often you are
put in a position to just take the word of your IT
manager, and that can be unsettling.
As the responsible party, your concern boils down to a simple
question: when it comes to cybersecurity, how do you know that
your organization is secure? Of course, we want to place the
utmost trust in our IT department, but when someone comes to you
asking questions, you should have the knowledge to answer them.
Below are three questions, with a little background on each topic,
so you can be confident when reporting to your board or company
executive about the security of your company's data and your
role in managing the IT department.
1
When was our last software update and patch?
It is critical to keep the software on all of your computers
patched and as current as possible. I know what you are thinking:
that is great, but what is a patch? Software companies such as
Microsoft constantly release security updates, or "patches", that
fix newly discovered flaws and need to be applied to every computer
on your network to keep it as secure as possible. When your patches
and software are not up to date, you are significantly more
vulnerable to viruses and malware, because attackers routinely go
after flaws for which a fix already exists but has not been installed.
Patching also covers more than Windows: web browsers, office
software, PDF readers, servers and network equipment such as
firewalls all need updates, and a good patch report shows them too.
PRO TIP: Request regular patch reports that you can keep on file
should you ever be in a situation where you need to prove your
software is up to date. I strongly recommend this because it is a
simple way for you to be sure your team is updating all computers
on the network rather than only taking their word for it. A useful
report lists every device, the date it was last patched and any
critical updates still missing, so a machine that has quietly
dropped out of patching stands out. These reports may also come in
handy when negotiating cybersecurity insurance.
2
How susceptible are our employees to a phishing attack?
A phishing attack is a form of social engineering that
cybercriminals use to deceive users. It targets people rather than
a technical weakness in your network security, which is why the
best firewall does not stop it on its own. These attacks often come
in the form of an e-mail or instant message and look very real, but
they lead to websites that steal login details or install malware,
including ransomware that holds your data hostage. The honest way
to answer this question is to measure it: a simulated phishing
e-mail sent to your own staff shows what share of them click, and
repeating the test after training shows whether that share is falling.
Bonus: What is our plan to reduce our vulnerability?
Of the organizations and companies we have worked with to determine
their vulnerabilities, we have found that while their initial
vulnerability test results are high, there are proven, quick and
efficient ways to train and educate employees to spot cybersecurity
threats. The bottom line is, your company can purchase the most
advanced firewalls and security software, but one wrong click could
still result in all the data on your network being encrypted by
ransomware.
PRO TIP: Are you attending the MFG Forum on 5/9/18 in Novi? In
partnership with MMA, Yeo & Yeo Computer Consulting will present
three case studies of participating MMA members and offer a free
vulnerability assessment to all in attendance. Learn more and
register at mimfg.org.
3
What is our password policy?
It doesn't take an IT whiz to figure out that the longer and more
complex your passwords are, the more difficult they are to crack.
While having a password policy is good, a policy that actually
enforces complexity is preferred. We recommend your policy
includes, but is not limited to:
1. Change passwords on a regular basis — every 90 days.
2. Set a minimum password length — for example, 14 characters.
3. Require special characters and capital letters.
One caveat worth raising with your IT staff: the current federal
guidance, NIST Special Publication 800-63B (2017), advises against
forcing routine password changes and character-composition rules,
because they push people toward predictable patterns, and instead
recommends long passwords that are checked against lists of
passwords known to have been exposed in breaches. Whichever
approach your team chooses, ask to see the policy as it is actually
configured on your network, not just as it is written down.
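Both the patch report from question 1 and the password-policy check from question 3 can be produced by a short script your IT staff can run and hand to you. The PowerShell below is an added example written for this page; it is not part of the original article and not Yeo & Yeo's own tooling. It assumes it is run in an administrator PowerShell session on a Windows computer joined to an Active Directory domain, that the ActiveDirectory module (part of Microsoft's RSAT tools) is installed for the password-policy part, and that the machine can reach Windows Update. The report folder name is an arbitrary choice, and the 14-character and 90-day thresholds are taken from this article's recommendations; all three can be changed at the top.

```powershell
# Added example, not from the article: gather the evidence behind question 1
# (patch report) and question 3 (password policy) on one domain-joined Windows PC.
# Assumptions: elevated PowerShell session; ActiveDirectory RSAT module installed;
# Windows Update reachable. $ReportDir is an arbitrary choice for this example.
param(
    [int]$MinLength    = 14,    # the article's recommended minimum password length
    [int]$MaxAgeDays   = 90,    # the article's recommended rotation interval
    [string]$ReportDir = "$env:USERPROFILE\PatchReports"
)

New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyy-MM-dd'

# ---- Question 1: what is installed, and what is still missing ----------------
# Installed hotfixes, newest first, filed as CSV so the report can be produced on demand.
$installed = Get-HotFix | Sort-Object InstalledOn -Descending
$installed | Export-Csv -NoTypeInformation -Path (Join-Path $ReportDir "installed-$stamp.csv")

# Ask the Windows Update agent for updates it knows about but has not installed yet.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates
$pendingRows = @(foreach ($u in $pending) {
    [pscustomobject]@{
        Title    = $u.Title
        Severity = $u.MsrcSeverity   # Critical/Important/Moderate/Low; blank if not a security fix
        KB       = (@($u.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ';'
    }
})
$pendingRows | Export-Csv -NoTypeInformation -Path (Join-Path $ReportDir "pending-$stamp.csv")

# One-line summary for the executive: last patch date, pending count, critical count.
$lastPatch = if ($installed) { '{0:d}' -f $installed[0].InstalledOn } else { 'never' }
$critical  = @($pendingRows | Where-Object { $_.Severity -eq 'Critical' }).Count
"$env:COMPUTERNAME - last patch installed $lastPatch; $($pendingRows.Count) update(s) pending, $critical rated Critical"

# ---- Question 3: the password policy as the domain actually enforces it -------
# Compares the live default domain policy with the article's three recommendations.
Import-Module ActiveDirectory
$policy = Get-ADDefaultDomainPasswordPolicy
$checks = @(
    [pscustomobject]@{ Setting = 'Minimum length'
                       Actual  = $policy.MinPasswordLength
                       Passes  = $policy.MinPasswordLength -ge $MinLength }
    [pscustomobject]@{ Setting = 'Complexity (upper, lower, digit, special)'
                       Actual  = $policy.ComplexityEnabled
                       Passes  = [bool]$policy.ComplexityEnabled }
    [pscustomobject]@{ Setting = 'Maximum age (days)'
                       Actual  = $policy.MaxPasswordAge.Days
                       Passes  = ($policy.MaxPasswordAge.Days -gt 0) -and
                                 ($policy.MaxPasswordAge.Days -le $MaxAgeDays) }
)
$checks | Format-Table -AutoSize
$checks | Export-Csv -NoTypeInformation -Path (Join-Path $ReportDir "password-policy-$stamp.csv")
```

Run it on a schedule (for example, monthly) and keep the dated CSV files; the "pending" file is the one to read first, because a long list of Critical updates on a machine whose last patch date is months old is exactly the situation the article warns about. The password-policy table is a starting point for the conversation with IT, not a verdict: a "Passes = False" on maximum age may simply mean your team has adopted the NIST approach described above.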