Use this cyber security checklist as your guide to determine whether your business is at risk.
1) Are Employees Using the Most Updated Software?
It’s best practice to ensure all employees update and move away from outdated web browsers, applications and plug-ins. Updates apply to operating systems and web browsers, and to Internet of Things (IoT) devices as well.
Whenever possible, enable automatic updates to protect all devices throughout the organization from known vulnerabilities. Automatic updates on Windows and Apple operating systems are an easy way to ensure these updates take place regularly, not to mention reducing the risk of a compromised system.
Finally, if your office is Bring Your Own Device (BYOD) friendly, remind staff to set their mobile devices to update automatically.
2) Have you Replaced Outdated Operating Systems & Servers?
Still using outdated operating systems like Windows XP or Windows Server 2003 in your organization?
As each month passes, it becomes increasingly dangerous to run your business on outdated systems and servers, since patches are no longer available – and cyber criminals are well aware of this.
The truth is, there is no better time than now to upgrade outdated systems and hardware. In fact, before you dismiss the idea of upgrading equipment due to budget constraints…
Did you know you can finance equipment and still take advantage of the Section 179 tax deduction?
Section 179 of the government tax code allows your business to deduct the full purchase price of qualifying equipment purchased or financed during the tax year from your gross income.
3) Is your Antivirus Frequently Updated?
Similar to browser and operating system updates, antivirus programs need to be set to check for updates regularly, and scans need to be configured to run on a consistent schedule.
Larger organizations configure their networks to report the status of antivirus updates to a central server where updates are then pushed out automatically, as required.
Small to mid-sized businesses can achieve this as well through managed services like Desktop Care, which leave the hassle of patches, spyware issues and preventative maintenance to us.
4) Do you have a Bring Your Own Device (BYOD) Policy?
Bring Your Own Device (BYOD) refers to businesses that allow employees to conduct work-related activities on their own mobile devices, both in and out of the office.
Aside from setting up a mobile device management plan, all BYOD businesses should establish a BYOD policy that defines what is acceptable and what is not for employees.
5) Do you have a Data Backup Plan?
If your business has a data backup plan, that’s great!
But when was the last time you actually tested your backup?
Are you certain that in the event of a disaster or data breach, you would be able to restore your data?
In order to minimize downtime, your organization needs not only to ensure backups are easily accessible, but also to have a disaster recovery and business continuity plan in place.
When you consider the true cost of downtime, the decision to focus company resources on data backup becomes easy.
6) Do you have a Password Policy?
Many people rely on just a handful of passwords in their personal life, but particularly in a business setting, this practice is VERY risky and puts sensitive company data at risk.
After all, your IT security is only as strong as its weakest link.
In fact, data breaches are very commonly the result of weak passwords, among other common cyber security mistakes.
Your IT policy should mandate complex passwords of at least eight characters that include upper- and lower-case letters, numbers and special characters. It is also advisable to require staff to change passwords four times per year without reusing previous passwords.
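One way to turn the policy above into an enforceable check, as an added example that is not part of the original checklist: the candidate password is tested against each complexity rule, and reuse is detected by comparing against a history of salted hashes rather than stored plaintext. The history depth of four and the sample passwords are constructed for the example.

```python
"""Check a new password against the checklist's complexity and no-reuse rules.
Added example, not from the original article; sample passwords are constructed."""
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8          # checklist: at least eight characters
HISTORY_DEPTH = 4       # quarterly rotation: keep one year of previous hashes
PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, digest). History entries store hashes, never plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def complexity_problems(password: str) -> list:
    """List every policy rule the password fails (an empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems


def reuses_previous(password: str, history: list) -> bool:
    """True if the password matches any stored (salt, digest) pair in the history."""
    for salt, digest in history:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):   # constant-time comparison
            return True
    return False


def check_new_password(password: str, history: list) -> list:
    """Combine the complexity rules with the no-reuse rule over the last HISTORY_DEPTH entries."""
    problems = complexity_problems(password)
    if reuses_previous(password, history[-HISTORY_DEPTH:]):
        problems.append("matches a previous password")
    return problems
```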
7) How Secure is Company Email?
Email is a major source of security breaches. In fact, email is one of the most common ways ransomware is spread throughout a business network.
For this reason, it’s important to ensure company mail servers are adequately protected by security software and that certain email attachments are blocked at the network boundary. Attachment types commonly used to spread viruses are .BAT, .EXE, .PIF, .VBS and .SCR files.
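The attachment block list above, implemented as a mail-filter check; this is an added example, not code from the original article. The sample message is constructed, and the check deliberately looks at the last extension only, case-insensitively, so that a double-extension name such as `Invoice.PDF.exe` is still caught.

```python
"""Flag e-mail attachments whose final extension is on the checklist's block list.
Added example, not from the original article; the sample message is constructed."""
import email
from email import policy
from email.message import EmailMessage

# Extensions named in the checklist; matching is case-insensitive.
BLOCKED_EXTENSIONS = {".bat", ".exe", ".pif", ".vbs", ".scr"}


def blocked_attachments(raw_message: bytes) -> list:
    """Return the filenames of attachments whose last extension is blocked.

    Only the final extension matters because that is what Windows executes,
    so 'Invoice.PDF.exe' is treated as an .exe, not a PDF.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Drop trailing spaces/dots that some clients tolerate ("setup.exe." -> "setup.exe")
        stem = name.strip().rstrip(".")
        ext = ""
        if "." in stem:
            ext = "." + stem.rsplit(".", 1)[1].lower()
        if ext in BLOCKED_EXTENSIONS:
            flagged.append(name)
    return flagged


def build_sample_message() -> bytes:
    """Construct a message with one benign attachment and two that should be blocked."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ sample", maintype="application",
                       subtype="octet-stream", filename="Invoice.PDF.exe")
    msg.add_attachment(b"WScript.Echo 1", maintype="application",
                       subtype="x-vbs", filename="notes.VBS")
    return msg.as_bytes()
```

In production the same check would run in the mail gateway's attachment filter; the function here shows the decision logic on its own.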
Employee Awareness Training
Everyone has received a phishing email at some point in time and for this reason, employee education is key. Remind staff to hover over questionable links to see where they really lead, and never to open email from senders they don’t recognize.
If a link is questionable, it’s always better to open a new browser window and go to the website directly. These and other great tips can be introduced to employees through fun exercises like this Phishing IQ Test from SonicWALL.
8) Are Files Being Shared Securely within the Network?
Online file sharing websites like consumer grade versions of Dropbox can put your business at risk of data theft, data loss or worse.
Instead, it’s better to use a business grade file sharing solution that supports the BYOD trend and allows employees to access company files securely, from any device, anywhere.
9) Do you Implement Cyber Security Policies & Employee Education in Your Organization?
Since it is such an important aspect of business security, employee education has been a theme throughout this cyber security checklist. Educating staff about cyber security can be done in three simple steps.
STEP 1) Set Clear Policies. When establishing policies, ask questions like:
- Which files should employees have access to – and in what context? It’s best to restrict data to only those users who require it to do their work.
- What websites aren’t appropriate for the workplace?
- What should employees do when they see a suspicious email or text message?
- What should employees do if they suspect they have opened an infected website or file?
STEP 2) Educate employees
A study by CompTIA revealed that only 54% of companies offer cybersecurity training – don’t make this mistake. When educating employees, reference unsafe practices and provide access to email and security tests.
STEP 3) Enforce security policies
It’s not enough to enforce security policies verbally. Require employees to sign a mandatory document stating that they understand company policies and their responsibilities.
Without this necessary step of enforcement, employees have no incentive to comply.