Cyber Security Checklist
Cyber security is complex, to say the least. Researching it can be overwhelming, especially when there’s so much jargon to wade through. That’s why our Safety Net IT experts have made the ultimate Cyber Security Checklist for individuals or businesses. It has all the essential steps you can take – even if you’re not a tech expert – to confidently protect your data.
You can use this checklist in two ways:
- Option 1: Check boxes for YES answers, and calculate your points. The best score is 400. A score below 380, or several missing check marks, indicates the need for improved security. Ask your IT department or provider to take the necessary actions to get back on the safe side.
- Option 2: Use this IT risk assessment as a general guide for your staff and your IT team/provider. Don’t worry about the points – just get protected!
The fine print: No self-assessment is a substitute for a full audit. Also, this checklist is for businesses in the United States. There may be additional considerations in other locations.
Checklist for IT Risk Assessment
Overarching Best Practices
These three all-encompassing cyber security checklist items are so important! Does your business take these precautions?
- Do you have a well-documented policy for all of the following? (10 points per item)
- Acceptable Use
- Internet Access
- Email & Communications
- Remote Access & BYOD (Bring Your Own Device)
- Encryption & Privacy
- Disaster Recovery
- Do you use modern, valid and up-to-date software for all purposes – your operating systems, accounting software, etc. – and regularly apply security patches to your software? (70 points)
- Do you hold regular employee training that covers all categories on this checklist? (70 points)
User Security Measures (10 points per item)
Make sure you and your staff are up-to-date on these safe practices.
- Do you require regularly updated, complex employee passwords? Learn more about using good password etiquette.
- Do you regularly audit and disable outdated accounts?
- Do you avoid shared accounts and passwords?
- Do employees check that all websites are secure (https://) when sharing company information or passwords?
Email Security Measures (10 points per item)
Be smart about using email by following these practices. You can learn more in our blog post about email safety precautions.
- Do you have an email security filtering solution? Filtering solutions protect against malicious emails you can’t recognize.
- Does your email policy state that sensitive information won’t be sent over email? (e.g., passwords, banking info, and anything else most safely communicated over the phone)
Website Security Measures (10 points per item)
These more technical tasks protect your website from being stealthily stolen from, monitored, altered or broken.
- Is your SSL certificate up to date? Not only does this show your business’s credibility; it protects your content and your customers’ data from being altered or compromised.
- Do you use a secure web hosting company? They should isolate hosting accounts, maintain server logs, and back up your site regularly.
Network Security Measures (10 points per item)
Your business’ network needs protection too. Here are some ways to secure it.
- Do you use a commercial-grade firewall?
- Do you password-protect your Wi-Fi router and make internal WiFi accessible to employees only? (Configure guest networks separately.)
- Do you use VPN (virtual private network) technology for remote access to the office? Many operating systems have VPN capabilities built in.
- Do work computers automatically lock the screen and require logging back in after a period of inactivity?
- Do you limit and log access to the physical locations or rooms containing network devices (such as switches) and any in-house servers?
- Do you store data securely in cloud software, using password best practices for accessing this data?
Ask an IT Expert (10 points per item)
These somewhat complex cyber security measures are best handled by an IT professional. However, feel free to ask an IT expert about items in the other categories as well!
- Are your firewalls running the most current firmware, considered next generation hardware, and covered by manufacturer warranty or manufacturer-contracted support?
- Do you regularly scan your network for vulnerabilities (e.g., virus, malware, and unauthorized devices)?
- Do you store passwords as encrypted values?
- Do you perform regular backups of data and configurations, as well as test restore?
How did you check out?
No matter how secure your business is today, good security takes regular maintenance. You can periodically run through this checklist to be sure you’re doing everything you can to protect your information. To find out more about cyber security and all things IT, visit the Safety Net blog.