It can be comforting to think that the people safeguarding the human resources files stored on your company's network have it all under control. Before you add even one more sensitive file to the server, find out just how secure your systems truly are by asking IT these questions:
Who here knows how a hacker thinks? Someone needs to be able to tap into the mindset of the bad guys and stay on top of the techniques they would likely use to access your data.
Has IT assigned someone to try to get in and do their worst? Does this person know what the second step in the criminal process would be: where the data would go next, and whether it's more likely to be used against you, held hostage or sold?
What would the first signs be that we've been hacked? IT should be able to pinpoint the red flags that something's gone wrong. They should define the types of hack attacks so a website's odd behavior is not a total shock. Ask for specifics.
Who would get the alarm, and how? You should be able to sleep at night knowing that in a worst-case scenario, there's no instance in which IT would not wake up to the threat within minutes.
How long would it take to restore everything from backup? What if IT tells you it's going to be six days before all systems are back online? Or 12? Or that server content has to be stitched back together in a way that will slow you down for weeks? Again, request specifics. If IT can't offer them, bring in consultants who can.
How physically protected are our servers? In case of a physical disaster (a storm, a flood or even a break-in), have someone assure you that there's nothing more that can be done to reinforce air conditioning systems, get machinery off the floor or secure locks and passcodes. Data security often comes down to building tangible things that are tough to break.