End of the Year Cyber Security Checklist
Cyber Crime is top of mind for all business owners. With 75% of all attacks directed against small to medium-sized businesses, your IT checklist should be Cyber Security focused. Too often, we see Cyber Security treated as an IT issue rather than the strategic risk challenge it really is. Here’s the list:
- Data Breach and Cyber Attack Response Plan: The most important aspect of a cyber-attack response plan is to have one. The speed and method with which an enterprise responds to a cyber-attack determines, and to a great extent limits, the damage and liability the attack will incur. Your plan ought to determine the team and the tools required to handle cyber threat response, provide training on the implementation of the plan to everyone concerned, and cover the means to isolate, contain, eradicate and restore. Lastly, don’t forget the legal and reporting aspect, which is equally important and ought to be a part of the plan.
- Ransomware Backup and Disaster Recovery Plan: It’s not just a backup. It’s about business continuity. You must change your way of thinking about this. Identify the electronic systems, data and other intellectual property your organization needs to operate, and the loss of which could damage its reputation. Ensure these assets are securely backed up and stored in another location so they can be retrieved in an emergency. Keep your operating systems, firewalls, applications, and other network elements up to date. Plan ahead and test your internal networks for potential vulnerabilities, and test your security software to ensure it is performing properly.
- A Mobile and Remote Device Security Policy: Remote devices are important tools for all businesses and organizations, and their use is supported by all. If appropriate security applications and procedures are not applied, mobile and remote devices can serve as a conduit for unauthorized access to the institution’s data and IT infrastructure that can subsequently lead to data leakage and system infection.
- Cyber Security Awareness Training: Today Cyber Criminals go directly to your employees through email and false social media sites. That makes it necessary to train and retrain your employees on how to identify a malicious email and what to do next. So do you have an information security policy in place, which is championed by management and supported through regular training? Are you confident the entire workforce understands and follows it?
- Dark Web ID Scanning and Monitoring: It is critical to continually scan the dark web for any employee passwords associated with your domain. If you find any, you can tell the employee to change their passwords and not to use the same passwords at work as they might on social web sites.
Your customers see Cyber Security as a differentiator. In recent studies, 58% say it is a deciding factor when choosing a company or service. Cyber Security has moved from a cost center to a profit center. We call this Cyber Trust. Use the list above to fine-tune your effort and make sure you are doing all you can to protect your business assets.