The 5 Questions Every Nigerian CEO Must Ask Their IT Team Before Year-End
Before you finalize your budgets for next year, schedule a meeting with your Head of IT or your external IT provider. Place this document on the table and ask them these five questions directly.
Praise C. / CEO & Lead ResearcherSeptember 25, 2025
SMB & Startup Security Playbooks
Your job as a CEO is to manage risk and growth. The single biggest unmanaged risk to both is your digital infrastructure. The threats targeting Nigerian businesses are not generic; they are specific, sophisticated, and relentless.
Your IT team is your frontline. However, they are often overwhelmed, under-resourced, and focused on keeping the lights on, not on hunting for advanced adversaries. It is your responsibility as the leader to ask the right questions, the questions that move the conversation from "is it working?" to "is it secure?"
Before you finalize your budgets for next year, schedule a meeting with your Head of IT or your external IT provider. Place this document on the table and ask them these five questions directly. Their answers will tell you everything you need to know about your company's true security posture.
Question 1: "Show me our policy for employee credentials. How do we prevent a single stolen password from giving an attacker access to everything?"
Why you must ask this: Stolen credentials are the #1 entry point for attackers. A simple password leak from a third-party site (like Canva or LinkedIn) is often all an adversary needs to access your corporate email, financial systems, or cloud infrastructure.
A Weak Answer Sounds Like: "We tell our employees to use strong passwords." or "We have a password policy."
A Strong Answer Sounds Like: "We have mandatory Multi-Factor Authentication (MFA) enforced on all critical applications, especially email and financial software. We also conduct regular dark web monitoring to see if any of our corporate credentials appear in breach databases, and we force a password reset immediately if they do."
Question 2: "What is our 'blast radius' for a ransomware attack? If one laptop is infected, how do we stop it from encrypting our entire server?"
Why you must ask this: Ransomware does not just encrypt one machine; it spreads laterally across your network. You need to know what technical controls are in place to contain an infection before it becomes a company-wide disaster.
A Weak Answer Sounds Like: "We have antivirus software on all our computers."
A Strong Answer Sounds Like: "We use a modern Endpoint Detection and Response (EDR) solution that can automatically isolate a compromised machine from the network the moment suspicious activity is detected. This containment happens in seconds, before the infection can spread to our critical servers or backups."
Question 3: "Who is watching our network traffic at 2:00 AM on a Sunday?"
Why you must ask this: Attackers operate outside of business hours. A security alert that happens on a weekend can go unnoticed until Monday morning, giving an adversary 48 hours of uninterrupted access to your data.
A Weak Answer Sounds Like: "Our systems send automated email alerts to the IT team."
A Strong Answer Sounds Like: "We have a 24/7 Security Operations Center (SOC) that provides continuous, round-the-clock monitoring of all our network, cloud, and endpoint alerts. Any critical alert is investigated by a human analyst within minutes, regardless of the time or day."
Question 4: "Walk me through our response plan for a data breach. Who makes the decisions, who communicates with customers, and who engages the regulators?"
Why you must ask this: A chaotic, unplanned response to a breach often causes more damage than the breach itself. A lack of clear roles and responsibilities leads to mistakes, delays, and a loss of customer trust.
A Weak Answer Sounds Like: "We would call our IT guy and figure it out."
A Strong Answer Sounds Like: "We have a documented Incident Response Plan. It specifies a chain of command, includes pre-approved communication templates for customers and stakeholders, and outlines the legal requirement to notify the NDPC within 72 hours. We test this plan with a tabletop exercise annually."
Question 5: "How are we using intelligence to find threats before they find us?"
Why you must ask this: This is the most important question. It separates a reactive security posture from a proactive one. A modern defense does not just wait for alarms to go off; it actively hunts for the subtle signs of an attack in progress.
A Weak Answer Sounds Like: "Our firewall and antivirus are updated with the latest threat signatures."
A Strong Answer Sounds Like: "We subscribe to threat intelligence feeds specific to our industry and region. Our security team (or our managed security partner) uses this intelligence to conduct proactive 'threat hunts' in our network, looking for the specific tools and techniques used by adversaries known to target Nigerian companies."
Here’s The Path Forward
The answers to these questions will reveal the true state of your company's resilience. If you heard more weak answers than strong ones, it is not a failure of your IT team; it is a failure of the traditional approach to security.
It is a signal that your company has outgrown its current security model and requires a strategic partner. A partner that provides not just tools, but 24/7 human expertise, proactive threat hunting, and the intelligence-led defense that modern business demands.
Forewarned is Forearmed.
The Birdling provides intelligence-led Managed Defense for Nigeria's leading companies. If you are not satisfied with the answers you received, book a confidential, no-obligation threat briefing with our leadership team to understand how we can help you build a truly resilient security posture.