As your company’s CIO, you know how often businesses are targeted by cyber criminals. Convincing members of the board that all that money is well spent on cyber security and the IT department, isn’t always easy, though. Use our cyber security checklist to show all the ways that your department is working to protect your company now and in the future. So have you every prepared a Cyber Security Checklist to ensure you have all of your bases covered? Where do you start?

6 Point Cyber Security Checklist

1. When was the last time you met with your IT team to discuss new areas of concern? 

Not just the managers,  or team leads, but everyone. You have people that are tasked with constantly learning and solving problems to your systems, not to mention what they learn when they’re not on the job, utilise them. It doesn’t do to ignore Frank just because he’s an intern, for all you know he might be the only one to have heard about a new type of ransomware.

While we understand that cyber security doesn’t always rank on the “top ten” of the daily activities within a company, having regular meetings with your team shouldn’t be overlooked.

2. When did you last review your company’s IT procedures and policies? 

This isn’t just the company’s compliance policy.  This what is dedicated to protecting your company’s intellectual property and confidential property. This is your written plan to handle all issues that are related to cyber security. It ranges from how you back up and encrypt data, to how to handle a crisis situation such as a data breach There are templates available on the web, that you can use to get you started, and then alter it to fit the needs of the company.  Some of the sections to include are:

Privacy Policy -The statement or legal document that discloses some or all of the ways a party gathers, uses, discloses and manages a customer’s or client’s data. This fulfils a legal requirement to protect a customer or client’s privacy.

Network Security Policy – An NSP outlines the rules for computer network access, determines how the policies are enforced, and lays out the basics for your company’s security environment.

Remote Access Policy – The RAP outlines the acceptable methods for people to remotely connect to the internal network. This is essential given the increasing number of remote workers, who often connect from insecure network locations such as cafes or from unsecured home networks.

Acceptable Use Policy – A set of rules applied by the manager of your company’s network to restrict the ways in which the network might be used.

Internet Access Policy – Applies to all Internet users (employees, contract workers, temp agents, business partners, and vendors)  who access the Internet through the computing or networking resources.

Email and Communications Policy – This regulates how email and other communication channels specific to the company may be used.

Bring Your Own Device Policy – BYOD governs the corporate IT department’s level of support for devices that employees bring such as PCs, smartphones and tablets.

While you’re reviewing these policies, make sure that your company is also compliant with the Privacy Act 1988 , if you collect or handle personal information.

3. Do you have an up-to-date inventory of your company’s critical assets?

New content is created on a daily basis within your organisation. This means that your critical assets are constantly changing. All key people should have an up to date list of the most valuable assets within your company, and the security measures that are around them.  Don’t skimp on the resources allotted to this, because if this critical data is compromised, it could have a lasting, negative impact on your company. Not just your company’s reputation, but also how it operates.

4. When was the last time a company-wide check was performed on all operating systems, software and data centre equipment? 

Programs are updated on weekly to bi-weekly basis. Hardware regularly becomes outdated. As individual users, this isn’t so much an issue. For a company, though, systems and hardware that are out of date, or ill- maintained are akin to laying out a welcome mat to hackers.  Approximately 70% of web-based attacks occur thanks to a vulnerability on the user’s computer.

Performing system-wide checks and updates at the end of the working day, is a great way to keep everything up to date and eliminate as many vulnerabilities as possible.

5. When did you last update your IT department’s organisation chart?

Most people think of IT, and feel that technology handles everything. the people that staff the department are equally important though. Do you know the people in your department?  Do you know who has the skills to handle a data breach vs a virus infection? What about who has recently gained degrees in penetration testing?  Staying informed of developments like this allows you to move around the hierarchy within the department so that the people who are most capable of handling challenges when they occur have the authority to do so.

6. Is there a cyber security training program in place for new and current employees?    The best way to ensure that your company polices are understood and applied by all employees, is by having a  training program in place. By ensuring that your company is risk-aware and fostering that as a company culture, you can help to reduce the number of attacks that are likely to occur.

The best way to ensure that your company polices are understood and applied by all employees, is by having a  training program in place. By ensuring that your company is risk-aware and fostering that as a company culture, you can help to reduce the number of attacks that are likely to occur.

At the end of the day, remind your fellow board members that security doesn’t just matter to the IT department.

The security of the company ensures that:

  • Your company is working well.
  • Your reputation remains untarnished.
  • Your future plans are not impacted by attacks.
  • Most importantly, that your confidential data and finances are secure.

We hope you found this cyber security checklist useful if you did please comment below. If you would like to learn more about how to secure your company against attacks and improve your defences, please contact us today.

Need help with a your Cyber Security?
Speak to the experienced team at Stanfield IT on 1300 910 333