2019 Cyber Security Checklist: How to ensure Business Data is protected?
How do you ensure that your business is guarded enough?
The following is a checklist of questions as a starting point for securing the valuable data your small business manages.
- Where will your data be stored?
- How secure is your data? What security protocols are in place so that you can be confident breaches are less likely? Is it too easy to log on and reach the data? What encryption protects the data in transit and at rest?
- Do you perform regular backups? Be sure you know how often your data is backed up, how the company ensures there is more than one backup, and that there are clean backups not infected with malware.
- How can we recover our digital assets after an incident, with minimal impact on day-to-day operations, using simple backup practices?
- How fast can a backup be restored? It is a misconception that having a good backup means systems can be brought back to a working state with a single click. Run backup drills just as you run fire drills: when your business is closed, have your cloud provider restore your system from backup and measure how long it takes.
- How frequent are your service outages and how long do they last? If you cannot access your data, your business experiences downtime. You can estimate the cost of downtime per hour by adding labour cost per hour to revenue lost per hour. How much downtime can you afford?
In short, we must answer these questions:
- Do we have a business continuity plan in place that meets business requirements?
- How much time do we have to get services running again after an incident?
- What is an acceptable amount of data loss?
- When was the last time we tested our backup by restoring it?
IT security should be a priority for every company, and no company can be 100% protected from security threats. Here is an audit checklist to help a small business with a security assessment.
Top 10 Cyber Security Audit Checklist
1. Protect End User Devices
Keep Your Operating Systems Updated:
Your operating system should be set to install updates automatically, whether you run Windows or Mac. Turning computers off at night or rebooting them helps updates get installed. System updates are especially important for server operating systems, where all patches and updates need to be reviewed and applied on a recurring schedule.
Antivirus Updates:
Firms need to ensure that anti-virus programs are updated frequently and that devices are scanned automatically on a set schedule. In larger companies, workstations should be configured to report the status of their antivirus updates to a centralized server, which can push out updates automatically when required.
Firewall Setup:
Serving as a gatekeeper between your company's servers and the outside world, firewalls keep external threats out while alerting you to suspicious outgoing traffic. Having an effective business-class firewall is important for cyber security.
2. Protect Your Network and Servers
Have a strong password policy:
Encourage passwords of at least eight characters with a combination of upper and lower case letters, numbers and special characters.
Use Automatic Screen Lock:
When a computer or mobile device has been idle for a few minutes, it should automatically lock the screen to keep prying eyes out of the system.
Connect Securely:
Connect securely to the firm's information resources, either through a VPN or another secure connection. Do not do any confidential work on public WiFi, and only connect to a WiFi network for firm work if you are sure it is authentic.
3. Keep Your Data Safe
Encrypt Backup Data:
Firms should encrypt any backup media that leaves the office and validate that the backup is complete and usable. Firms should regularly review backup logs for completion and restore randomly chosen files to confirm they will work when required.
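A small restore drill of the kind described above, written as an added example rather than code from the original page: it restores a random sample of files from a backup copy and compares each one's SHA-256 hash against the live file, reporting files that came back corrupt or were never backed up. The directory layout and file contents are constructed inside a temporary folder so the script runs offline; in practice `restore_drill` would point at a real backup mount.

```python
import hashlib
import random
import shutil
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large backup files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()

def restore_drill(live: Path, backup: Path, restore_to: Path, sample_size: int, seed=None) -> dict:
    """Restore a random sample of files from `backup` into `restore_to` and
    compare each restored file's hash with the live copy.
    Returns {relative_path: "ok" | "corrupt" | "missing"}."""
    rng = random.Random(seed)
    files = sorted(p.relative_to(live) for p in live.rglob("*") if p.is_file())
    results = {}
    for rel in rng.sample(files, min(sample_size, len(files))):
        src, dst = backup / rel, restore_to / rel
        if not src.is_file():
            results[rel.as_posix()] = "missing"  # the backup never captured this file
            continue
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # stand-in for the real restore step
        results[rel.as_posix()] = "ok" if sha256_of(dst) == sha256_of(live / rel) else "corrupt"
    return results

def demo() -> dict:
    """Constructed data: a live tree, then a backup with one corrupted and one missing file."""
    root = Path(tempfile.mkdtemp())
    live, backup, restore = root / "live", root / "backup", root / "restore"
    (live / "docs").mkdir(parents=True)
    for i in range(5):
        (live / "docs" / f"client{i}.txt").write_text(f"record {i}\n" * 100)
    shutil.copytree(live, backup)
    (backup / "docs" / "client2.txt").write_bytes(b"\x00" * 32)  # silent corruption
    (backup / "docs" / "client4.txt").unlink()                    # file never backed up
    try:
        return restore_drill(live, backup, restore, sample_size=5, seed=1)
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:8} {path}")
```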
Dispose of Data/Equipment Properly:
All physical files and draft documents containing personally identifiable information that is no longer needed should be securely disposed of. Workstations and other mobile equipment used for processing client information should be completely wiped and reformatted before disposal.
4. Minimize Administrator Privilege
Allowing workstations to run in administrator mode exposes machines to additional security threats and could result in the entire network being infected, so day-to-day work should not be done on a computer while logged in as an administrator.


5. Secure File Send
Firms should standardize on tools that allow client files to be sent and received securely. All personnel should be trained to use the firm's portal or encrypted email solution for any file containing confidential information.
6. Update IT Policies
Firms should review their IT/computer usage policies and remind employees of all new and updated policies. Beyond traditional computer and internet usage policies, firms should add wording on BYOD (Bring Your Own Device), remote access, privacy and encryption where appropriate.


7. Have a Breach Response Plan
You should have a security incident response plan in place for when there is concern that firm information has been compromised. It should be a written document that covers educating personnel on how to record the events leading up to the discovery of the breach, notifying the appropriate firm or external IT personnel of the breach so they can take the necessary steps to stop it, and developing an internal and external communications plan.
8. Educate Employees
Security education is as vital as professional accounting CPE and should be conducted annually. In addition to reviewing the firm's policies, employees should be educated on current cybersecurity attack methods such as phishing, as well as ransomware and social engineering, which attackers use to gain access to a user's PC.
Email Awareness Training:
Personnel need to be reminded to be sceptical of emails they did not expect or that are out of character. Staff need to be reminded how to hover over an email link before clicking, or to look at the email properties to check whether the sender's email address matches. They also need to be reminded regularly not to click on or open suspicious attachments, and instead to send them to the IT team for review if there is any concern. If there is any question about a link in an email, it is better to go to the website directly by typing the address into a browser than to risk clicking the link.

9. Cybersecurity Insurance
Many companies will do all the right things with regard to data security and still fall victim to an attacker, so to protect against that possibility they should consider cybersecurity insurance. The cost of this insurance has come down significantly in the last decade, and companies should evaluate both first-party insurance to cover the firm's direct losses resulting from a breach (downtime, re-creation of data, direct remediation costs) and third-party insurance to cover any damages to clients whose information may have been compromised.
10. Migrate your data to the cloud
Using cloud-based services for your small business makes it easy to access your data from anywhere at any time. It also has the benefit of being easier to secure by adjusting settings and permissions, and most cloud-based services have strong encryption standards.

Follow the simple 3-2-1 backup rule so that data can be recovered after an incident:
- Keep at least 3 copies of your digital assets
- Store the backup data on 2 different storage devices
- Always keep 1 backup copy offsite or in a trusted cloud
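An added example (not part of the original page) that turns the 3-2-1 rule and the business-continuity questions from the start of the article (acceptable data loss, last restore test) into a check over a backup inventory. The inventory and the field names are constructed for the example; a real one would be filled from the backup tool's reports.

```python
from datetime import datetime, timedelta

# Constructed inventory of backup copies (the production copy is counted separately).
# Assumed field names; a real inventory would come from the backup tool's reports.
BACKUPS = [
    {"name": "nas-nightly",  "medium": "disk",  "offsite": False,
     "last_backup": "2019-03-10T22:00", "last_restore_test": "2019-01-05"},
    {"name": "cloud-weekly", "medium": "cloud", "offsite": True,
     "last_backup": "2019-03-04T02:00", "last_restore_test": "2018-11-20"},
]

def check_backups(backups, now, rpo, max_test_age):
    """Return a list of findings; an empty list means the 3-2-1 rule, the
    recovery point objective (rpo) and the restore-test cadence are all met."""
    findings = []
    copies = 1 + len(backups)                      # production copy + backups
    if copies < 3:
        findings.append(f"copy count is {copies}; 3-2-1 needs at least 3")
    media = {b["medium"] for b in backups}
    if len(media) < 2:
        findings.append(f"all backups are on one kind of medium ({', '.join(media)}); need 2")
    if not any(b["offsite"] for b in backups):
        findings.append("no backup copy is kept offsite or in a trusted cloud")
    for b in backups:
        age = now - datetime.fromisoformat(b["last_backup"])
        if age > rpo:
            findings.append(f"{b['name']}: newest backup is {age.days} days old, exceeds RPO of {rpo}")
        tested = b["last_restore_test"]
        if tested is None:
            findings.append(f"{b['name']}: has never been restore-tested")
        elif now - datetime.fromisoformat(tested) > max_test_age:
            findings.append(f"{b['name']}: last restore test was on {tested}, older than {max_test_age.days} days")
    return findings

def demo():
    now = datetime(2019, 3, 11, 9, 0)  # constructed "current" time for the example
    return check_backups(BACKUPS, now, rpo=timedelta(hours=24), max_test_age=timedelta(days=90))

if __name__ == "__main__":
    for f in demo() or ["all backup checks passed"]:
        print("-", f)
```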