A thorough checklist for strong cybersecurity for your company
The safety of your information relies on the amount of security you put in place to protect the infrastructure. Depending on the size of your business, corporation, or company, the following are points to increase the security of your operation. Use this checklist to help ensure the safety of your information technology and infrastructure.
Your employees are your strongest assets — and liability — when it comes to information security. Employees should be the first line of defense against data breaches and cybersecurity incidents.
Some questions to ask:
- Do your desktops and computers self-lock when an employee leaves their station?
- Does your company encourage BYOD (Bring Your Own Device)?
- Do your new employees know about cybersecurity?
- Do your employees know how to be alert for possible security breaches?
- Are your employees given regular training on how to stay safe on the local network?
Having a secure wifi connection will increase safety from hacking and fraud. Employees should have a username and password to enter a wifi system.
Consider these questions:
- Do you have policies and standards covering the safe use of information systems, applications, and data?
- Is your wifi system set up for private and public access?
- Are you using Wired Equivalent Privacy (WEP) secure passwords?
Allowing only those with passwords to enter your inner network will increase the safety of your technology. Monitoring incident response will decrease this risk. New employees should be given a username and password when accessing the local system.
Think about this:
- Do you enforce strong passwords and require them to be changed on a regular basis?
- Do you ensure that only authorized personnel have access to your computers?
- Are your computers positioned so others cannot view staff entering passwords?
Automatic computer lock screens
A user’s computer should automatically lock when they leave their desk. This will increase the safety of information.
Going further, consider using keycards or IDs to log in to computers. Military personnel use these to access files and email, so only one person is able to access the computer.
More to think about:
- Do you have policies in place that limit unauthorized access, either online or for hardware?
- Do you have security systems such as passcodes, video surveillance, and keyfobs?
- Do you have visitors escorted in and out of controlled areas?
Banking and money handling
This may be one of the most important security access points to consider. Anything money related should be handled with great care.
- Do you have a strong firewall in place to protect against unlawful hacking?
- Do your employees know what phishing emails to look out for?
- Do your employees regularly look at financial statements for unsolicited charges?
Regular full or partial backups will not only protect valuable information but can also allow for a restore in the event data is lost. Hire a third party to hold your information in case technology is tampered with or destroyed.
Questions to consider:
- Do you incorporate full, incremental, and differential backups at least on a monthly basis?
- Are your backup servers safe and secure so outside tampering is not allowed?
- Do you have at least three (3) places where the backed-up data is stored?
Strong passwords are hard to crack. Keep information safe by making your employees create passwords that are hard to guess. Strong passwords include 12 characters, with numbers, symbols, upper-case letters, and lower-case letters.
- Do you require your employees to change their passwords every six (6) months?
- Do employees use different passwords for separate accounts?
- Do employees know not to enter passwords while on an unsecured network?
Encrypted files and documents need a key to access. No outside entity can access the encrypted files without the proper key.
Things to consider:
- Do you require passwords to read sensitive information?
- Do employees know not to share protected information via email?
Firewalls keep outside users from entering the network without permission. In addition, firewalls provide layers for users to access. Users are given designated rights and permissions that can be edited by the administrator.
Consider these questions:
- Do you have a firewall — or multiple firewalls — that only authorized users can access?
- Do you have a way to monitor the activity of firewalls?
The cloud is a useful tool for remote access but can be accessed by unauthorized users if not properly set up or managed. It is important that the right diagnostics are implemented because this fragile system can be accessed from anywhere in the world.
- Are your hardware cloud servers protected from unauthorized users?
- Is your cloud information encrypted?
- Is penetration testing routinely attempted?
Grey Wolf Security specializes in Security Operations, Security Compliance, and Security Engineering. Our professionals have experience within the Department of Defense, Department of Homeland Security, Federal Law Enforcement, Intelligence Community and Commercial organizations. Contact us and let’s collect your digital evidence today.