Cybersecurity has been a bottom-up discussion when it should be a top-down strategic business conversation. In our business environment, acquisitions are prevalent. We want you to be aware of the operational risk questions that can improve operational success and protection.
Have you inherited by default or inadvertently through the absence of awareness a cybersecurity exposure? Please make note of several key areas where you may be adding additional risk to your ongoing operational risk.
- Are you currently SOX Compliant? When did you complete your last SOX review?
- Have you tracked your assets (both tangible and intangible)?
- Have you provided documentation about your internal audit efforts or training with regards to security policies and procedures?
- What is your cybersecurity budget? What investments have you made in recent months/years to protect your assets?
- Have you acquired companies in the past? Have you integrated those acquisitions from an infrastructure standpoint or are they running duplicate systems?
- What is your business process with regards to remote, cloud and mobile access?
These are just a few of the questions you should be asking yourself. And while you are asking these questions, how are you protecting yourself from business interruption should any of these issues result in a compromise of your systems? Consider performing an assessment of your policies and processes to safeguard your sensitive data and systems.