Cybersecurity Risk Assessments: An Overview – Tech Tip For June 6, 2023

Whether your business is seeking cyber risk insurance, working with a larger company or government agency, or working towards complying with industry standards such as NIST, you will eventually be faced with completing a cybersecurity assessment or even an external audit. Even a self-assessment requires a significant amount of information, making the process time-consuming if your organization is not prepared.

In this month’s Tech Tips, we will explore how to prepare for a cybersecurity risk assessment.

What is a cybersecurity assessment?

A cybersecurity assessment reviews the policies, procedures, and controls your organization uses to reduce cybersecurity risks. Cybersecurity assessments can also be an opportunity to review your IT systems, find weaknesses, and implement remediation measures to strengthen your cybersecurity.

When and how often will my organization need to perform a cybersecurity assessment?

Organizations of any size may need to complete a yearly review for cyber or general business insurance. Businesses that work for other companies may also be asked to complete an assessment yearly or upon award of a contract. Some businesses are finding that they are asked to complete assessments 3 or 4 times a year.

What will a cybersecurity assessment cover?

Here are some areas that a cybersecurity assessment might cover:

  • Overall data security – including managing access
  • Compliance with legal and industry regulations
  • Adequacy of existing policies and training
  • Whether your software is up-to-date and how updates and patches are managed
  • Where data is stored
  • If a business continuity plan is in place, including how systems and data are backed up and recovered
  • Whether cybersecurity roles are adequately staffed, either internally or by third parties
  • What technologies are in place to prevent cyberattacks
  • Whether there is a documented process to address a cyberattack

Our upcoming Tech Tips will look at ways to prepare for cybersecurity assessments and the importance of a System Security Plan (SSP) document.

If you have questions about cybersecurity or preparing for an upcoming assessment, please contact TechWise Group today.

Important Microsoft Announcements:

  • If you have not already moved to NCE licensing for your organization or if you have any questions about upcoming renewals, please contact us at gettechwise@techwisegroup.com to understand your options.
  • MFA is the best way to prevent cyberthreats. If you have not enabled MFA in your organization, let us help you put a plan in place.
  • Windows Server 2012 and 2012 R2 Extended Support ended on October 10, 2023. If your organization is still running these operating systems, please contact us to discuss your options.
  • Windows 10 will reach the end of support on October 14, 2025. The current version, 22H2, will be the final version of Windows 10, and all editions will remain in support with monthly security update releases through that date. Existing LTSC releases will continue to receive updates beyond that date based on their specific lifecycles. Please contact us to discuss your options.
  • Microsoft has expanded Copilot licensing for small-to-medium businesses (January 15, 2024). Reach out to TechWise Group to discuss your options.
  • Classic Teams client reaches end of availability. Microsoft extends time to July 01, 2024, for Admins to address any related issues.
  • On April 1, 2024, Microsoft announced global changes to Teams licensing. Please reach out to TechWise Group with any questions.