Follow Robert Linkedin
May 18, 2023

Ensure Your Technology is Working for You, Not the Other Way Around

Sponsored Content provided by Robert Duggan - Director, Information Security, North American Operations, Global Manufacturing and Distribution,

Keep your vision, operations, people, customers, and reputation safe with virtual Chief Information Officer (vCIO) / virtual Chief Information Security Officer (vCISO) support. 

As a responsible modern professional, you get it; that an independent qualified assessment of your cyber protection and information security is critical: Protecting operations. Avoiding financial loss, penalties, civil liability, reputation damage. You probably understand that your IT shop must be stress tested by an independent, objective professional that is going to let you know what is working well and what specifically needs to change or be enhanced, against today’s risk, and with respect to your operations and plans.

Even if you are a non-technical professional, you probably get that the cyber and information security threat landscape is constantly changing. Here are a few acid test questions for your IT shop that will give you a picture of how current you are (apologies in advance if this ends up being a tough discussion…) 

  1. Do we use endpoint detection and response technology that scans not only for signatures / known malware but abnormal machine and user behaviors? How do you know it is fully deployed to all endpoints including servers and is operationally effective?
  2. Do we have advanced threat protection enabled on our email that scans attachments and links before they can be opened, and will that advanced threat protection quarantine those emails away from my employees? What is protecting our employees from directly downloading hostile executable files from the internet?
  3. Show me how our backups are secured on an archival basis so that one infected file volume will not be able to infect the archives? Have we tested our recovery process?
  4. How are our employees performing on automated simulated phishing attempts and is the remedial/periodic cyber awareness education automated? How current are our employees with that training?
  5. What are the results from our most recent vulnerability scan and how many critical vulnerabilities were identified?  How are we keeping our systems, applications, and users’ security patched? How are we monitoring the security stack apparatus such as firewalls (is that apparatus even current?) How are we monitoring traffic origins, and suspicious logins? What data loss prevention settings are in place?
  6. How are we securing privileged user access to firmware and critical applications. Is Multifactor authentication enabled for all users? Are passwords and passphrases enabled with required resets at least every 90 days?
These are only an example of some high impact controls that ALL organizations should have in place to defend against current attacks.  
Now, your business environment, support processes, and informational needs are constantly evolving. You need to look at how your architecture and applications are supporting your current 3-year outlook.  

With substantial operational dependence on IT, this will require a continuous lens, if not at least periodic quarterly consulting and health checks to ensure your systems are serving your objectives and your people, clients / customers / patients are protected and secure.  

The process should start with an initial cyber & information security assessment. During this phase your vCISO / vCIO will inventory your systems and processes against applications, infrastructure, and examine your defenses and resiliency against cyberattack and data loss. It is my experience that the IT team (internal or external) is going to need some help ensuring the corrections are made properly to address the risk exposures. Then you are going to need some ongoing support for periodic re-evaluation and staying current, process improvements, and supporting growth.

The independent vCISO / vCIO support experience you should be seeking:

I am here to help Coastal NC organizations with informal advice on cyber and technology, alongside supporting UNCW’s Center for Cyber-Defense Education and the development of cybersecurity professionals. If you would like some directional assistance, please let me know by contacting me via Linked In.

Ico insights


Junegunter teachinghorse headshot 5721115557

What Is Next?

June Gunter - TeachingHorse

Realtor Referral Program

Crystal Fidler - America's Home Place

The Forefront of Innovation: ChatGPT through an Investment Lens

Jason Wheeler - Pathfinder Wealth Consulting

Trending News

Winner Announced Of 2023 Coastal Entrepreneur Of The Year Award

Cece Nunn - May 31, 2023

New Brunswick Water Plant Starts Pumping

Jenny Callison - May 31, 2023

Dosher Hospital Foundation Announces Endowment

Jenny Callison - May 30, 2023

Revamped Menu Nudges True Blue Butcher And Barrel Toward Original Vision

Miriah Hamrick - May 31, 2023

Shell Reappointed, Sosne Sworn In To CFCC Board Of Trustees

Staff Reports - May 29, 2023

In The Current Issue

Info Junkie: Robert Parker

Robert Parker, chief operating officer of Cape Fear Solar Systems, shares his top info and tech picks....

Sand Decisions

Renourishing Wrightsville Beach, as is the case in other area beach towns grappling with the same issue, isn’t just a matter of aesthetics....

Shipping Containers Keep It Cool

As of April, offshoot Craftspace Commercial had produced 10 40-foot refrigerated units for short- or long-term rental, provide secure storag...

Book On Business

The 2023 WilmingtonBiz: Book on Business is an annual publication showcasing the Wilmington region as a center of business.

Order Your Copy Today!



2023 Power Breakfast: Major Developments