Follow Robert Linkedin
May 18, 2023

Ensure Your Technology is Working for You, Not the Other Way Around

Sponsored Content provided by Robert Duggan - Director, Information Security, North American Operations, Global Manufacturing and Distribution,

Keep your vision, operations, people, customers, and reputation safe with virtual Chief Information Officer (vCIO) / virtual Chief Information Security Officer (vCISO) support. 

As a responsible modern professional, you get it; that an independent qualified assessment of your cyber protection and information security is critical: Protecting operations. Avoiding financial loss, penalties, civil liability, reputation damage. You probably understand that your IT shop must be stress tested by an independent, objective professional that is going to let you know what is working well and what specifically needs to change or be enhanced, against today’s risk, and with respect to your operations and plans.

Even if you are a non-technical professional, you probably get that the cyber and information security threat landscape is constantly changing. Here are a few acid test questions for your IT shop that will give you a picture of how current you are (apologies in advance if this ends up being a tough discussion…) 

  1. Do we use endpoint detection and response technology that scans not only for signatures / known malware but abnormal machine and user behaviors? How do you know it is fully deployed to all endpoints including servers and is operationally effective?
  2. Do we have advanced threat protection enabled on our email that scans attachments and links before they can be opened, and will that advanced threat protection quarantine those emails away from my employees? What is protecting our employees from directly downloading hostile executable files from the internet?
  3. Show me how our backups are secured on an archival basis so that one infected file volume will not be able to infect the archives? Have we tested our recovery process?
  4. How are our employees performing on automated simulated phishing attempts and is the remedial/periodic cyber awareness education automated? How current are our employees with that training?
  5. What are the results from our most recent vulnerability scan and how many critical vulnerabilities were identified?  How are we keeping our systems, applications, and users’ security patched? How are we monitoring the security stack apparatus such as firewalls (is that apparatus even current?) How are we monitoring traffic origins, and suspicious logins? What data loss prevention settings are in place?
  6. How are we securing privileged user access to firmware and critical applications. Is Multifactor authentication enabled for all users? Are passwords and passphrases enabled with required resets at least every 90 days?
These are only an example of some high impact controls that ALL organizations should have in place to defend against current attacks.  
Now, your business environment, support processes, and informational needs are constantly evolving. You need to look at how your architecture and applications are supporting your current 3-year outlook.  

With substantial operational dependence on IT, this will require a continuous lens, if not at least periodic quarterly consulting and health checks to ensure your systems are serving your objectives and your people, clients / customers / patients are protected and secure.  

The process should start with an initial cyber & information security assessment. During this phase your vCISO / vCIO will inventory your systems and processes against applications, infrastructure, and examine your defenses and resiliency against cyberattack and data loss. It is my experience that the IT team (internal or external) is going to need some help ensuring the corrections are made properly to address the risk exposures. Then you are going to need some ongoing support for periodic re-evaluation and staying current, process improvements, and supporting growth.

The independent vCISO / vCIO support experience you should be seeking:

I am here to help Coastal NC organizations with informal advice on cyber and technology, alongside supporting UNCW’s Center for Cyber-Defense Education and the development of cybersecurity professionals. If you would like some directional assistance, please let me know by contacting me via Linked In.

Ico insights



Paving the Way to Better City Streets

Tony Caudle - City of Wilmington

What You Need to Know About SECURE 2.0 and Its Effect on Retirement Plans

Jason Wheeler - Pathfinder Wealth Consulting
Chris 16239425

‘Creative,’ An Adjective To Describe Your Accountant?!

Chris Capone - Capone & Associates

Trending News

Bank, Nonprofit Look To Lease Skyline Center Space From City

Emma Dill - Feb 19, 2024

Homebuilders Association Adds Taylor As Director Of Business Development

Staff Reports - Feb 20, 2024

Insurance Company Leases Space In Upcoming Midtown Office Building

Cece Nunn - Feb 20, 2024

Coffee Shop, Bar Takes Flight In Downtown Wilmington

Laura Moore - Feb 21, 2024

Local Women's Impact Network Announces Board Officers, Members

Staff Reports - Feb 20, 2024

In The Current Issue

Trouble Brewing: How A Social Media Post Bubbled Over For A Wilmington Brewery

Social media can influence which local breweries are favored among patrons and restaurants. This dynamic played out recently with an online...

MADE: IKA Works Inc. Equips Labs

IKA Works Inc. manufactures products used by universities, biotech companies and more....

State Real Estate Leader Weighs In

"Forecasts from leading economists suggest a downward adjustment in interest rates by the middle of the year, a development that could notab...

Book On Business

The 2024 WilmingtonBiz: Book on Business is an annual publication showcasing the Wilmington region as a center of business.

Order Your Copy Today!



2023 Power Breakfast: Major Developments