5 Tips for Creating a Cybersecurity Plan For Your Business

5 Questions CEOs and Business Owners Need to Ask Their IT Team

by | Nov 6, 2022

From the Desk of:
Gene Olson
CCR Technology Partners, Inc.

Many business owners shy away from asking questions of their IT team because they either don’t know what questions to ask or have difficulty following along with the answers provided by their IT team.

If a divide ensues, a business owner may desire to avoid IT strategy sessions altogether when the feedback they receive is in “geek-speak” and hard to translate. While most are passionately immersed in technology, the geek-speak simply becomes language they use in both their work and personal lives. Unfortunately, it can also be used to obfuscate situations or to improve job security.

In order to help you, here are five questions you need to be asking your IT team:

  1. What is our Cyber Security Plan and is it layered?
    Your cyber security plan must have the buy-in from upper management and filter all the way down to the lowest level. If not, it’s doomed to fail. Layers include the firewall, anti-virus software, active directory, user rights & privileges, wireless access, building access and more.
  1. What is our Backup & Disaster Recovery (DR) strategy, and is it air-gapped?
    How are we backing up and how often? What are we backing up to? Cartridges?  Internal servers?  Cloud? Are we getting backups off-site? Are our back-ups air-gapped? Air-gapped is a term meaning the backup, whether on a device or in the cloud, is not directly attached or pathed to where the hacker can simply follow the bread crumbs to where the backup resides…then lock it. Your DR backup must be disconnected from the server farm, i.e., “air-gapped”.
  1. What is the retention time we’re keeping backups?
    At what point does our data get overwritten on the media? Once a week? Once a month? Not good enough. Elongated backups of 6-months to a year are now the norm. The longer the time period, the better your chances of recovery from ransomware.
  1. Have we tested our backup and recovery system by trying to restore an archived backup?
    When was the last time and how did that test turn out? Not testing your restoration process is being unwise. Finding out your restoration process has holes at the very time you need it most is simply too late.
  1. When was the last time we patched and updated our software?
    Most, if not all hardware and software vendors are constantly pushing out “updates”. Those patches and updates are designed to strengthen your network security and to eliminate any recently uncovered vulnerabilities in hardware, software and/or applications running your business. It is imperative that your IT team consistently maintain and apply these patches and updates.  Anything longer than a couple of weeks, is a recipe for disaster.

If you get into the minutia of the answers and feel uncertain…ask for layman’s terms from your IT staff members. After all, your area of expertise is running your business and you hire out for those that manage the areas you don’t have knowledge in or time for. However, if you find the answers you receive do not meet your expectations and you need outside advice, please contact us. We can help you translate geek-speak to everyday terminology that is easily understandable.

CCR is your technology firm providing business advice on the technology that’s running your operation. CCR Technology Partners can help business owners mitigate risk and limit liabilities before they happen.

Gene Olson
CCR Technology Partners, Inc.
(317) 842-1754 ext 5201 or gene@goccr.com

See us on the web at https://goccr.com

See us on Facebook https://facebook.com/goccr

“We help our clients simplify, innovate & succeed”


Looking for a solution?

Helpdesk: (317) 288-7229 | Office: (317) 842-1754

Veteran Owned Since 1988