A cybersecurity checklist is the starting point for protecting your organization. Already have some items in place? Take a look at how your company measures up with Vestige’s list of top ten cybersecurity items you can’t overlook:
1.Disaster Recovery and Backup Procedures
- Is a written D/R plan in place – is it tested regularly (annually)
- Is the D/R plan reviewed with team members who will be responsible for carrying it out – do they understand their roles
- Are backups verified – were they completed successfully, can information be restored from in the event of an issue
- Is the antivirus up to date? Antivirus updates contain the latest files needed to combat new viruses and provide protection
- Are the security rules up to date for monitoring incoming/outgoing network traffic – decide whether to allow or block particular traffic
4. Wifi access
- Could the internal network be accessed directly through Wifi (Wifi must have separate logins from internal network).
- Does Wifi contain secure login – could someone in range access (this is important depending on what could be accessed through Wifi)
- Is it updated to latest release/current patches? Software is updated to remediate any vulnerabilities – many web exploits look for outdated software with unpatched security flaws.
- Can employees install software without approval/restrictions (malware)
6. Review User Access – For Both Onsite and Remote Access
- Least privilege – restricting access rights to only those required to perform necessary duties. Are there individuals who still have access that no longer require it (job changes, terminations). Do privileged users require access to sensitive data?
- User/Password restrictions
- No default passwords used
- No shared accounts/test accounts – require unique user accounts (for auditing purposes)
- Inactive accounts – remove user accounts that have not been accessed over 30 days – these can be targeted by attackers and go unnoticed (account is locked out, privileges escalated)
- Strong password policy – 12 characters, numbers/symbols/caps and lowercase
- Store passwords securely – password vault, secured storage location
7. Equipment Disposal
- How is data removed from media when a device is decommissioned? What is done with the device (securely wiped/reformatted, recycled, destroyed)?
8. CyberSecurity User Awareness
- Phishing expeditions – conduct regularly (monthly, quarterly, annually)
- Training/communication on social engineering methods that could cause a security breach – such as revealing information over the phone, allowing unauthorized individuals on the premises, giving credentials without authorization, receiving malware through email links/attachments
9. Removable Media Restrictions
- USB access – could an employee copy data to/remove from the premises
- If this is allowed – Is the data encrypted ( if lost/stolen)
10.Cyber Liability Insurance Policy
- Study the impact that a breach could have on business operations
- Initiate a policy, or update a current one
- Cyber liability insurance helps companies respond in the event of a cyberattack or data breach. If a company’s network or computer systems are hacked into, or corrupted by a virus –
- Loss of business
- Notifications to customers
- Forensic investigation
- Regulatory fines and penalties
If after going through this list, you have questions or believe your company may need some assistance in this arena, the Experts at Vestige are happy to help. CONTACT US.
By Mary Brewer, MBA, BS, AAS
Vestige Digital Investigations