Good practice security checklist

The most pressing information technology security problem facing business owners is not computer hackers – the majority of security breaches actually come from a company’s own employees. To help combat this we have developed a security checklist.

Your users are usually not doing it on purpose, though. Most breaches are accidents, such as an employee mistakenly emailing confidential client information outside the company, a cashier leaving a customer’s credit card information on a publicly viewable terminal, or someone inadvertently deleting important files.

Downloaded breaches (DLP violations)

One of the most common breaches is accidentally downloading malware: those nasty little computer viruses and Trojan horses that can cause mayhem in your computer network.

Four in five small and medium-sized enterprises (SMEs) have reported experiencing a security problem relating to an employee in the previous year, according to industry research. But most SMEs don’t do much about it until it’s too late.
Many business owners pay lip service to tech security but don’t invest heavily in it. As a result, action usually gets postponed until the day an essential computer crashes or vital data gets wiped out in a malware attack. With the proliferation of mobile devices, wireless computing and remote workers, the security challenge is growing bigger for entrepreneurs.

Evaluate your technology security

IT security doesn’t have to be sporadic and piecemeal.

Ideally, you should regularly evaluate your IT security as part of a larger review of all your systems. The idea is to make sure your tech gear and processes aren’t out of step with your business strategy.

Checklist:

1. Strategy and human resources policies

  • Does your company have a clear security policy that’s known to staff?
  • Have you defined a policy on acceptable use, password guidelines and security practices?
  • Do you have confidentiality agreements for contractors and vendors?
  • Is your privacy policy up to date and known about by all employees?

2. Data backup

  • For critical data (this is anything needed in day-to-day operations, including customer information), do you centralise it on a server and back it up nightly to a remote location?
  • For important data (anything important to the business but that doesn’t get updated frequently), do you centralise it on a server and back it up semi-regularly off-site?

3. Desktop security

  • Do all computers have working anti-virus software?
  • Have you got a security policy for downloading and installing new software?
  • Are your passwords set with a minimum of eight alphanumeric characters that are changed every 90 days?
  • Can you state that all your computers are updated with the latest system updates and security patches?

4. Internet and network security

  • Do you have a firewall and intrusion detection on all web connections?
  • Are you using a virtual private network (VPN) for remote access?
  • Have you reviewed all known modem and wireless access connections and ensured they are secured?

5. Privacy and sensitive information

  • Is customer financial information encrypted and accessible only to those who need it?
  • Are paper files kept in locked filing cabinets with controlled access?

6. Audit

  • Do you do a periodic audit (every six months at least) of your security checklist?