Do you have a company, or are you working in a field which demands that you be secure and safe? Then use these 100 questions. Ask these questions to your security expert and you will get an insight into the security status of your company or environment. It is important to remember that security experts are humans. They are not machines that remember everything.
If your security expert or security manager is unable to answer these questions, then explain that it is important to get an insight into those missing answers, as they are critical to the security status of the company/service. A couple of months ago we made a massive list of 100 security tips which will enable you to be more secure on the internet and on the work floor.
One of the biggest reasons you should use these 100 questions is the following fact: Advanced Persistent Threats or ‘cyber attacks’ are increasing. The reason behind this is the fact that Windows XP is no longer being supported by Microsoft. This allows cybercriminals to abuse millions of vulnerable Windows XP devices. DDoS attacks are increasing as Content Management Systems are more advanced than they were a couple of years ago. Hackers and cybercriminals are able to launch massive DDoS attacks by simply infecting vulnerable WordPress websites.
Recently The Netherlands published a report on how they replicated NSA techniques which allow them to hack phones via malicious SMS messages. The techniques and the idea of hacking phones with malicious messages were leaked by Edward Snowden.
Cybercriminals are abusing social media networks to infect unaware people with malicious code. Your security expert has the task of informing and spreading awareness among users who could infect the environment of the company. This massive list of Facebook malware and schemes shows how hackers are using various techniques and methods to infect unaware and aware people with malicious code.
Ask your security expert these questions on Social Media
By asking these 10 questions, you will be aware of the social media security status in your company. These questions allow you to brainstorm with the security expert about possible social media threats.
WordPress is one of the most widely used CMS platforms in the world. The chance is very high that your company is running a version of the WordPress CMS. If this is not the case, the following questions will still be effective. The questions below will give you an insight into the security status of the websites which are managed by your security experts and administrators. Cybercriminals are defacing company websites and hacktivists are DDoS’ing government websites, so there are enough reasons to take a look at the security status of your corporate website(s).
Ask these questions to your security expert and you will get an insight into the security status of your web applications.
Work hard, Play hard!
You, me, your security expert and everybody else will always be a weak link in the security infrastructure of a company or service. I mentioned it before: we are not machines. We make mistakes and tend to ‘forget’ things. Cybercriminals are aware of these facts and they will exploit the human weakness to gain information about their target. Government agencies will use spies to infiltrate companies. These spies will perform espionage on the infiltrated company. Espionage and cybercrime are a big problem for companies as they directly hit their (future) finances.
Ask your security expert these questions about social engineering awareness:
Play hard, secure hard!
Virtual security is a good thing, but if a hacker is able to breach the physical computer security, he will be able to do anything with the computer. It is important to keep in mind that hardware is being used by cybercriminals and hackers to obtain valuable information. The perfect example is a USB keylogger which can be plugged into any USB port.
Ask your security expert these questions on physical computer security
We all love WiFi: it allows you to be connected to a company network while you are moving around in the company. The personnel of the company want to use WiFi as this allows them to work faster and in various places. They demand an easy method to stay connected to the internet and they want their possible clients to be able to use the company WiFi networks. These demands can be found in each company. A security expert will have to think about how he will secure the company from malicious WiFi users.
Ask your security expert these questions on WiFi security:
Edward Snowden, AnonGhost, The Syrian Electronic Army and various hackers have shown countless times that they will leak information on the internet. Your security expert will have one question which will run through his mind all day long. When will we get hacked, and how will we respond to it?
Once information has been leaked on the internet, it is very hard to delete it from the internet.
Ask these questions on ‘Information leakage’:
Your business or service needs to be stable and needs to generate money. A lot of companies need their webstore, and cybercriminals are aware of this. Hackers and hacktivists will launch DDoS attacks on webshops as this will directly stop the flow of money.
Ask your security expert these questions on the security status of your business continuity:
As mentioned above, there are a lot of devices which can be used in the company. Ask your security expert and administrator these questions on the devices in your company.
It is possible that people in your company are allowed to take devices home. This could be laptops, tablets, smartphones or other smart devices. The security status of the devices decreases as the devices leave the managed environment of the security expert. Once the mentioned devices are being used at homes, hotels, cafes, restaurants or pubs, the chance increases that a malicious user will be able to infect the mentioned devices.
Ask your security expert these questions:
Use this massive list of questions to have a perfect insight into the security status of your company. These questions will open up a positive conversation between the manager/employer and the security expert. Did you enjoy this massive list of security questions? Or do you have additional questions which can be included in the list? Then leave us a comment!