Raising Cybersecurity Awareness: 7 Questions to Ask


Security is a team effort. It’s no longer solely the responsibility of IT or cybersecurity departments to defend organizations against cyber attack. Cyber criminals can target anyone, across all departments and roles, and this means that everyone has a part to play in protecting networks, systems and data.

Staying informed about security best practices and understanding your organization’s security efforts and policies can help you recognize and fend off cyber threats. We’ve put together seven questions to initiate crucial conversations about how you can best serve as a line of defense to protect your organization.

  1. What activities should I look for that could indicate a cyber event?

    Conversation Takeaway: Early identification of a possible threat significantly improves an organization’s chances of minimizing the damage. If everyone knows what suspicious activity and anomalies look like, technology teams can be alerted quickly.

  2. Who should I notify in the event of an attack?

    Conversation Takeaway: Rapid response depends on getting the right people engaged in addressing the problem as soon as possible. Clearly understanding your organization’s escalation path and communications protocol saves valuable time.

  3. What is the incident notification process outside of business hours?

    Conversation Takeaway: Cyber criminals are opportunistic. They often strike after hours or during holidays when they know people are typically distracted. Learn if there is a different escalation path if something happens during these times and how to reach people when they are not in the office.

  4. What is our Bring Your Own Device (BYOD) policy and, if allowed, how are these devices secured?

    Conversation Takeaway: For convenience and economy, many organizations permit employees to use their own devices, such as mobile phones, for work. Understand the security protocols that protect your organization’s data residing on these devices as well as any access to networks and systems that these items enable.

  5. How do we handle securing IoT and mobile devices and equipment?

    Conversation Takeaway: Connected devices, from smart vending machines and parking meters to cameras, introduce a different level of risk. Understand your organization’s process for protecting these, your role in keeping them secure and how to spot potential compromises.

  6. What is the sensitivity level of the data and systems that I access in my role?

    Conversation Takeaway: Some data and systems are more critical to operations than others, making them the object of attackers’ focus. Knowing which aspects of your role are connected to highly targeted assets will help you maintain heightened vigilance.

  7. Are there any new attack trends I should be aware of?

    Conversation Takeaway: Cyber criminals are continuously evolving their attack methods and increasing the sophistication of their efforts. Email continues to be the number one threat vector used for attacks like phishing, ransomware and malware, but there are a growing number of tactics.

As cyber attacks increase, integrating cybersecurity into every aspect of doing business will continue to be an important part of day-to-day operations. Even those who don’t consider themselves tech savvy will need to gain a foundational understanding of how attackers infiltrate organizations and what can be done to defend them. Encouraging an open and ongoing dialog across all teams will help everyone stay alert and serve as the frontline of your defense.

About the author

Monty St John

Monty is a security professional with more than two decades of experience in threat intelligence, digital forensics, malware analytics, quality services, software engineering, development, IT/informatics, project management and training. He is an ISO 17025 laboratory auditor and assessor, reviewing and auditing 40+ laboratories. Monty is also a game designer and publisher who has authored more than 24 products and 35 editorial works.