Cyber Security Awareness Checklist
October is National Cyber Security Awareness Month. If nothing else, it’s a great time to review your business’ security, protection, and backup plans. If you’re not sure where to begin, we’ve created this cyber security awareness checklist so you can make sure you’re protected.
1. Is your login/screen locked down? Workstations and mobile devices should be set to automatically lock the screen once they’ve been idle for a certain amount of time. This added protection keeps unwanted eyes off your device.
2. Is your OS up to date? Whether you’re an Apple or Windows person, the operating system should be set to run updates automatically. This is especially important for server operating systems, where patches and updates need to be reviewed and completed regularly. And don’t forget about the operating systems on smartphones, tablets, and other mobile devices.
3. Do you have a strong password policy? Network settings should require employees to change their passwords approximately 4x per year, and reusing old passwords should not be allowed. Also encourage employees to use a different password for each device/application.
4. Do you run antivirus updates, or utilize antivirus, anti-malware and DNS filters? Anti-malware programs should be set to check for updates frequently, automatically scan the device on a regular schedule, and scan anything that gets inserted into the machine (thumb drives, external hard drives, etc.). To take things a step further, workstations should be set up to report the antivirus updates to a centralized server that can push updates out automatically, whenever necessary.
5. Do you dispose of all data and equipment properly? All physical files that contain personal or confidential information should be shredded. Workstations and mobile devices must be properly reformatted or destroyed to minimize the risk of data being recovered.
6. Are mobile devices protected? Laptops are historically the most susceptible to theft; however, smartphones and tablets are right up there. Although there are ways to get around them, password policies, encryption, and screen locks are crucial for these devices. You need a process in place to notify the IT department if a device is misplaced or stolen so the data can be erased remotely.
7. Are employees educated? Human error combined with increased security threats is highlighting the need for security awareness training. Every employee should go through security awareness training to keep security top of mind and reduce the risk of social engineering.
8. Do you have a security, backup, and recovery plan in place? If something does happen, you need to know that you’ll be up and running with little to no downtime, lost data, or lost wages. Considerations for recovery time objective (RTO) and recovery point objective (RPO) should be at the forefront of your business backup and recovery strategy.
9. Do you know who to call for help? Working with a trusted IT provider can help ease the administration and maintenance that comes along with IT. You don’t have to do it by yourself!
If you have any questions about your security plans, backup procedures, or data recovery processes, give us a call at 616.837.6930, or email our sales department and we’d be happy to lead you in the right direction.