Skip to content

Cyber Security Questions Every Small Business Should Ask

Cyber Security Questions Every Small Business Should Ask

Cyber security is a difficult subject for many people. The subject matter is highly technical and not everyone is well-versed in the crucial concepts. However, every business needs to think about cybersecurity, as it has become a massive worldwide problem. Thankfully, you don’t need a tech degree to understand the basic ideas of cybersecurity. When acquiring cybersecurity services or inquiring about them, every small business should ask themselves these essential cybersecurity questions.

What Is Cybersecurity?

Cybersecurity is a broad term that encompasses a lot of things. It includes all measures that are intended to protect from digital risks. Of course, it includes things like network encryption, network monitoring, antivirus software, threat hunting, firewalls, and all sorts of other defensive measures.

Digital risks can sometimes involve the physical world (i.e., someone steals a thumb drive that contains crucial information). Digital assets like data can be stolen using digital means, but they can also be stolen through physical means. Thus, the field of cybersecurity also includes physical access threats, as long as computerized assets are involved.

Is My Business Cybersecurity System Robust?

This question can only be answered by a qualified expert, so there is an obvious solution: Get the opinion of a qualified expert! There are many ways in which they can examine and test your cybersecurity situation. Until things are tested, this question is nothing but opinion and theory. Everyone thinks that their cybersecurity system is “robust,” but that’s not good enough. You need to know that your cybersecurity system is the best that it can be.

Are My Employees Adequately Educated About Cyber Security Threats?

If you have to wonder about this question, the answer is probably “no.” Most people are not sufficiently educated about cyber security threats, and that is one reason why these threats continue to persist and grow. Remember: Every uneducated employee is a potential data breach.

To explain that last part: The majority of cyber attacks begin with what is called a “social engineering attack.” These are usually just a computerized form of con artistry, with the goal being to trick authorized users into revealing their login credentials and passwords.

Phishing emails are by far the best-known example, but the threat doesn’t end there. Any form of digital communication can potentially be used for phishing attacks. Thus, we get terms like “smishing”(phishing with SMS text messages), “vishing” (phishing with video files/links), and a whole host of others. The bottom line is this: Without good employee education, a phishing campaign is far more likely to succeed.

Why Are Ransomware Attacks A Continued Threat?

Ransomware attacks continue to be a problem because no one has figured out an effective way to stop them. On the plus side, there are many ways of mitigating the damage. However, preventing this sort of thing from happening in the first place is very hard. Even some government agencies have fallen prey to ransomware. Data backup is a good place to start, but this threat will continue to grow until more effective countermeasures are found and implemented.

Can You Test Your Cybersecurity?

As we mentioned in question 1, there are many ways in which you can test your cybersecurity. The most effective way is called “penetration testing.” Basically, you pay some experts to try and hack your system. The purpose is to find out how vulnerable the system is and where those vulnerabilities might be.

What is Network Security Monitoring?

Network security monitoring is the practice of monitoring a particular network for suspicious activity. At a basic level, the internet consists of many billions of small files, flying all over cyberspace in whatever way they are directed. These small transport files are called “packets” and they can be monitored in real-time. Network monitoring is highly useful because it works for pretty much all systems and situations.

What Is The Difference Between Endpoint Security and Antivirus Software?

“endpoint security” is a general term that refers to the securing of specific end-user devices. For instance, putting a firewall on the laptops in your office would be an example of endpoint security. In cybersecurity terms, an “endpoint” is any point of user access like a PC, laptop, or mobile device. Antivirus software is just a specific type of endpoint security. Thus, they are related, but not quite the same.

How Much Should Your Company Invest in Cybersecurity?

That all depends on who you are and what you are protecting. For instance, if you handle a lot of financial information (like credit card numbers, bank routing numbers, etc.), then you definitely need to invest a significant amount of money in cybersecurity. On the other hand, if your company doesn’t handle a lot of sensitive data, your security can be a little lighter. For small businesses, it’s all a question of your needs, as well as your likelihood of being targeted by hackers.

What Happens If Your Business Experiences A Breach?

Best-case scenario: The breach is detected early and prevented from becoming as large. All affected persons and groups are immediately notified, and an investigation is done to determine how the breach happened. When the vulnerability is found, it is dealt with in such a way that no one can utilize it for future attacks.

Worst-case scenario: The company chooses to conceal the breach or lie about its extent. They write off the damages and move on. Because they did not attempt to deal with the cause of the problem, they may be targeted again. Because they were not honest about the breach, they could face all sorts of legal liabilities down the road. If their deception is exposed, the company’s reputation will probably be ruined forever.

What Are The Benefits Of 24x7x365 Security Operation Center?

The benefits of constant security should be obvious. You never know when a problem or an attack will occur. It could happen at 6 in the morning or at midnight…there is simply no way to know. Further, if your SOC is not in operation at certain times, that represents a security hole that could be exploited.

Are Your Employees At Risk Of A Cyber Attack?

This relates to our previous question about employee education. As we said before, every uneducated employee is a potential data breach. Also, employees who don’t use strong passwords are at a higher risk of being targeted. Employees who use unsecured personal devices for work purposes are also at a higher risk.

What is Bring Your Own Device (BYOD)?

This is a policy that some businesses use. Employees are allowed to bring their own devices and use them for work purposes. While this is fine for some business models, it can represent a potential security hole. If you choose to go with a BYOD model, you should definitely make sure that personal devices cannot connect to your business network without using a VPN. Thus, even if their personal devices are not fully secured, it will be very difficult for an attacker to affect your business.

What does a Business Continuity Plan Typically Include?

This is a contingency plan that is meant to ensure continued business operations in the event of a major disaster. In a cybersecurity context, that usually means a major data breach, a ransomware attack, or some other serious disaster.

Such plans will normally include plans for mitigating the damage and preventing further losses as the first step. After that, the next priority is to find out what happened and how it can be prevented in the future. In the meantime, however, alternate methods of doing business must be used. If these alternative methods are not set up in advance, your continuity plan isn’t likely to do well.

What Types Of Businesses Are Most At Risk For A Cyberattack?

Based on reported attacks, it seems that the manufacturing industry is the most common target. Of course, a great many types of companies fall into this category. Other frequently-targeted industries include retail, legal services, and medical databases. That being said, any type of business could potentially be attacked.

What’s One Of The Biggest Cybersecurity Challenges Businesses Face?

Take your pick. There are all kinds of cybersecurity challenges for businesses. In general, we would say that social engineering is probably the biggest threat at present. These kinds of tactics give criminals a way to circumvent most security barriers and it only takes one foolish action to give them that opportunity.

Are Organizations Doing Enough To Combat Cyber Threats?

Based on the continued prevalence of cyberattacks in the world, we would have to say no. Of course, some organizations are doing everything in their power to combat cyber-crime. However, it doesn’t seem to be the norm.

What Is The Most Common Type Of Cyber Attack?

Malware-based attacks would probably be the most common. Most of the primary tricks that are used by hackers will involve some sort of malware. The only question is what it does and how it will deliver its effects.

What Are Some Common Types Of Computer Viruses?

We couldn’t possibly list all of them here, as there are too many. However, common types include:

  • Worms
  • Trojans
  • Spyware
  • Adware
  • Resident viruses
  • Multipartite viruses
  • Direct action viruses
  • Browser hijacker viruses
  • Overwriting virus
  • Web scripting virus
  • File infector
  • Network virus
  • Boot sector virus

What Is Malware?

Malware is any kind of software that is intended for malicious purposes (hence the name). Any software that is intended to harm its host system would fall into this category.

What Is Ransomware?

Ransomware is a specific type of malware that works by using encryption as a weapon. They encrypt a whole system using specialized malware, and then they make a ransom demand. They tell the victim that if the ransom is paid, the password to unlock the encryption will be provided. However, the attackers don’t usually keep their word, as there is no real motivation for them to do so.

How Do You Build A Cybersecurity Solution?

That all depends on the nature of the problem. Most cybersecurity solutions take the form of hardware or software, and most of them are designed to deal with specific threats.

What Should I Do If I Suspect A Cyberattack?

The first thing you should do is disconnect from the internet entirely. This will give your IT people a chance to check out the suspicious activity that has presumably been detected already. If you find that an actual attack did take place, the authorities should be informed straight away. At that point, the damage is assessed so that all possible fixes can be applied. Finally, make sure that the avenue of the attack is found and closed.

How Much Does Cybersecurity Cost?

This varies a lot from company to company. Obviously, a small business does not need to spend nearly as much as a multinational corporation. When you consider the potential costs of a cyber-attack, cybersecurity doesn’t cost that much at all.

Cyber Security vs IT Security: Is There a Difference?

There is a difference here, but it’s not a large one. Cybersecurity is a blanket term that covers more ground. It does include IT security, but it also includes a lot of other things. IT security is specifically concerned with the systems and devices that store and transmit information.

What Is The Impact On Businesses From Cyber Attacks?

Cyber attacks can be large or small, but all of them tend to be pretty damaging. The criminals who carry out these attacks are generally out to get as much as possible, whether that be in terms of loot or damage. Some cyberattacks have cost hundreds of thousands or even millions of dollars, so there is no real limit here.

What Cyber Attacks Are The Hardest To Prevent?

An expertly-done phishing campaign is probably the hardest cyber attack to prevent. In most cases, fake pages can be spotted because there will be small details that are not right. For instance, if you are supposedly on the website of a major company, but you see all kinds of misspelled text, that is a red flag. Unfortunately, some of the fakes are near-identical to the real thing, and a lot of people will fall for these.

What Do Cyber Attackers Want?

In general, these types of criminals want one of two things: To take your money or do damage. The latter would be true in cases of personal revenge or political agendas. However, in most cases, these criminals are just looking for an easy payday.

How Can A Cyber Attack Be Prevented?

Cyber attacks are prevented by using a “layered” security system that presents as many barriers to an attacker as possible. Sure, they can get past any one or two security measures…but when you start combining them, their task becomes a lot more difficult. By separating your networks and systems in levels from “least secure” to “most secure”, you can create a multi-layered “security onion” that will be very hard indeed to penetrate.

Do you use two-factor authentication?

This one is easy: Yes. You should always be using multi-factor authentication wherever possible. Why? Well, it relates to the previous question. MFA gives you yet another way to create barriers and you want lots of those.

What are the Security Risks of Cloud Computing?

Cloud networks can be as secure as any other…but only if they are configured properly. Many cloud networks are not configured securely by default, and this is why there have been so many cloud jacking incidents. Cloud networks are less separated and more interconnected, and that creates special risks.


Each of these questions is essential to determining your cybersecurity plan. The needs of every business are different, especially when we are talking about small businesses and “niche” businesses in particular. Of course, if you need any additional questions answered, you can always call PCH Technologies at (856) 754-7500.