In this article, we provide an extensive checklist for assessing the security posture of your organization.
Today, data is one of an organization's most important assets. That is why the number of attackers, and the methods they use to steal sensitive data, grows every day, and why cyber security practices matter more than ever.
To make sure that your organization is protected from malicious attackers and data breaches, you need to review your security measures regularly and confirm that they are still relevant and functioning properly. Below is a cyber security checklist you can use in that ongoing effort.
Cyber security checklist
First of all, you must ensure that your organization has a suite of security policies covering every sensitive area: information security, network security, communication security, BYOD, remote access, privacy and acceptable use. Once such policies are in place, you must check that they actually work:
- Are your policies enforced properly?
- Are your policies up-to-date?
You must also strictly define the responsibilities of the individuals in your cyber security team, and there must be a designated head of information security. The team must communicate efficiently so that everyone knows what is going on and what their tasks are. After each security incident, all members of the team must be briefed on what happened, how it was resolved, and how it will be prevented from recurring.
In addition to cyber security measures, you must ensure the physical security of your organization. Where are the servers? Are they protected properly? Can anyone walk into the server room? Who has access to it, and is that access logged?
Cyber security means both preventing security incidents and dealing with them efficiently when they happen. Your organization must therefore have an incident response protocol to follow in the event of a breach. All members of the cyber security team must know their responsibilities under this protocol, and other employees must be educated on what they should and should not do during and after a security incident. You must also test and update such protocols regularly, and after every update make sure that all involved parties are notified of the changes.
- You must invest in your employees as much as you invest in security measures, software and protocols.
- Is your staff trained regularly? You must make sure that both your cyber security team and other employees are aware of their responsibilities and of current developments in cyber security. For instance, employees must know not to conduct business over public Wi-Fi, and they must be properly informed about phishing techniques and how to recognize and avoid them.
- Do you assess the security threats posed by employees? You must regularly review employee activity and make sure that every new recruit understands your organization's security protocols and policies.
- Can your staff report suspicious activity, e-mails and the like, and do they know where to report it?
- Can your staff communicate efficiently and safely with each other? You must make sure that the channels used for internal communication are secure and encrypted.
Data and hardware
To maintain a strong security posture, you must make sure that your data and hardware are safe.
- Do you back up your data regularly, and do you test that the backups can actually be restored?
- Do you employ proper encryption for data at rest and in transit?
- Do you have necessary firewalls, antivirus programs and other software? Are they working properly? Are they up-to-date?
- Do you have software that filters internet traffic and incoming e-mails?
- Do you have an asset management policy?
- Do you have a complete inventory of your assets?
- Is your data classified in accordance with its sensitivity and exposure to risk?
- Do you have a policy regarding log data (what is collected, how long it is retained, and who can access it)? Is that policy being followed properly?
- Do you have a policy on USB drives, external hard drives and other removable media? Do you check that the policy is being followed? Are you notified if a staff member breaches it?
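As an added example (not part of the original article) of turning the backup question in the list above into a repeatable check: the Python script below records SHA-256 checksums when a backup is taken, then audits the backup directory for two failure modes a checklist answer of "yes, we back up" hides, namely a backup job that silently stopped running and an archive that was corrupted after it was written. The 24-hour maximum age, the MANIFEST.sha256 file name and the sample backup files are all assumptions made for this illustration.

```python
"""Audit a backup directory: is the newest backup recent enough, and do the
archived files still match the SHA-256 checksums recorded when they were made?
Assumed policy for this example: at least one backup every 24 hours."""
import hashlib
import os
import tempfile
import time
from pathlib import Path

MAX_AGE_SECONDS = 24 * 3600          # assumed policy value, not from the article
MANIFEST_NAME = "MANIFEST.sha256"    # assumed file name for this example


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(backup_dir: Path) -> Path:
    """Run this when the backup is taken: record a checksum for every archived file."""
    manifest = backup_dir / MANIFEST_NAME
    lines = [
        f"{sha256_file(p)}  {p.name}"
        for p in sorted(backup_dir.iterdir())
        if p.is_file() and p.name != MANIFEST_NAME
    ]
    manifest.write_text("\n".join(lines) + "\n")
    return manifest


def audit_backup(backup_dir: Path, max_age: int = MAX_AGE_SECONDS, now=None) -> dict:
    """Return findings: 'stale' (newest file older than max_age), plus lists of
    'corrupt' (checksum mismatch) and 'missing' (listed in manifest but absent)."""
    now = time.time() if now is None else now
    findings = {"stale": True, "corrupt": [], "missing": []}
    manifest = backup_dir / MANIFEST_NAME
    if not manifest.exists():
        findings["missing"].append(MANIFEST_NAME)   # no manifest: cannot verify integrity
        return findings
    newest = max(p.stat().st_mtime for p in backup_dir.iterdir() if p.is_file())
    findings["stale"] = (now - newest) > max_age
    for line in manifest.read_text().splitlines():
        if not line.strip():
            continue
        digest, name = line.split("  ", 1)
        target = backup_dir / name
        if not target.exists():
            findings["missing"].append(name)
        elif sha256_file(target) != digest:
            findings["corrupt"].append(name)
    return findings


def demo() -> tuple:
    """Constructed sample data: a healthy backup, then the same directory after
    one archive is corrupted and the backup job has not run for three days."""
    with tempfile.TemporaryDirectory() as d:
        bdir = Path(d)
        (bdir / "db.dump").write_bytes(b"constructed database dump")
        (bdir / "files.tar").write_bytes(b"constructed file archive")
        write_manifest(bdir)
        clean = audit_backup(bdir)
        # Simulate silent corruption of one archive after the manifest was written.
        (bdir / "files.tar").write_bytes(b"bit rot")
        # Simulate a backup job that last ran three days ago.
        old = time.time() - 3 * 24 * 3600
        for p in bdir.iterdir():
            os.utime(p, (old, old))
        broken = audit_backup(bdir)
    return clean, broken


if __name__ == "__main__":
    clean, broken = demo()
    print("healthy backup:", clean)
    print("broken backup: ", broken)
```

Run the audit from a scheduled job and alert on any finding rather than on the job's exit code alone: a backup directory that is present but stale or corrupt answers the checklist question "no", even though the backup software reports success.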