May 18, 2023

Ensure Your Technology is Working for You, Not the Other Way Around

Sponsored Content provided by Robert Duggan - Director, Information Security, North American Operations, Global Manufacturing and Distribution,

Keep your vision, operations, people, customers, and reputation safe with virtual Chief Information Officer (vCIO) / virtual Chief Information Security Officer (vCISO) support. 

As a responsible modern professional, you get that an independent, qualified assessment of your cyber protection and information security is critical to protecting operations and avoiding financial loss, penalties, civil liability, and reputation damage. You probably understand that your IT shop must be stress tested by an independent, objective professional who will let you know what is working well and what specifically needs to change or be enhanced, against today’s risk and with respect to your operations and plans.

Even if you are a non-technical professional, you probably get that the cyber and information security threat landscape is constantly changing. Here are a few acid-test questions for your IT shop that will give you a picture of how current you are (apologies in advance if this ends up being a tough discussion…):

  1. Do we use endpoint detection and response technology that scans not only for signatures / known malware but abnormal machine and user behaviors? How do you know it is fully deployed to all endpoints including servers and is operationally effective?
  2. Do we have advanced threat protection enabled on our email that scans attachments and links before they can be opened, and will that advanced threat protection quarantine those emails away from my employees? What is protecting our employees from directly downloading hostile executable files from the internet?
  3. Show me how our backups are secured on an archival basis so that one infected file volume will not be able to infect the archives. Have we tested our recovery process?
  4. How are our employees performing on automated simulated phishing attempts and is the remedial/periodic cyber awareness education automated? How current are our employees with that training?
  5. What are the results from our most recent vulnerability scan, and how many critical vulnerabilities were identified? How are we keeping our systems, applications, and users’ security patched? How are we monitoring the security stack apparatus such as firewalls (and is that apparatus even current)? How are we monitoring traffic origins and suspicious logins? What data loss prevention settings are in place?
  6. How are we securing privileged user access to firmware and critical applications? Is multifactor authentication enabled for all users? Are passwords and passphrases enabled with required resets at least every 90 days?

These are only examples of some high-impact controls that ALL organizations should have in place to defend against current attacks.

Now, your business environment, support processes, and informational needs are constantly evolving. You need to look at how your architecture and applications are supporting your current 3-year outlook.

With substantial operational dependence on IT, this will require a continuous lens, or at least periodic quarterly consulting and health checks, to ensure your systems are serving your objectives and that your people and your clients / customers / patients are protected and secure.

The process should start with an initial cyber & information security assessment. During this phase, your vCISO / vCIO will inventory your systems and processes against applications and infrastructure, and examine your defenses and resiliency against cyberattack and data loss. It is my experience that the IT team (internal or external) is going to need some help ensuring the corrections are made properly to address the risk exposures. Then you are going to need some ongoing support for periodic re-evaluation and staying current, process improvements, and supporting growth.

The independent vCISO / vCIO support experience you should be seeking:

I am here to help Coastal NC organizations with informal advice on cyber and technology, alongside supporting UNCW’s Center for Cyber-Defense Education and the development of cybersecurity professionals. If you would like some directional assistance, please let me know by contacting me via LinkedIn.
