Ransomware and other cyberattacks continue to escalate. Bad actors continually create more sophisticated attacks and can be ruthless in carrying out extortion and data theft. We must all be vigilant and constantly increase protections. Security is a complex topic and good security requires many layers. But it all starts with developing and managing your security plan. Company leadership and IT leadership must have a plan that includes a regular review and upgrade of your security protections on at least an annual basis. Below is a high-level cybersecurity checklist to help you achieve and maintain good cyber hygiene.
Strategic Business Technology Review Meetings & Security Risk Assessments
Business leaders must meet with their IT team (internal and/or outsourced) at least on an annual basis to review their technology strategy and plan. This must include an assessment of risks to prioritize mitigating the most-likely, highest impact risks. Cybersecurity is never “finished.” We must constantly increase our cybersecurity to respond to ever-increasing threats.
Proactive Monitoring, Patching, Security Updates
All systems must have the latest security patches. This inherently requires that operating systems and applications are kept current. Your IT team should automatically monitor your systems for issues and perform automated updates. This must be followed-up by strong review and auditing processes to ensure that nothing slips through the cracks.
Insurance Review
Review your cyber liability, crime and other relevant policies with your insurance agent to further mitigate your risks. Expect underwriters to have you perform a thorough analysis of your IT security practices and report the results on your application. Take the questions insurance underwriters seriously and perform upgrades where appropriate. Also, to avoid risk of denial of a future claim, ensure that all your responses to your insurance application are completely accurate.
Data Breach and Cyber-Attack Response Plan
It’s human nature. You will not be thinking clearly when a disaster strikes. Adrenaline will kick in. Blood pressure will rise. It is essential that you calmly and thoroughly think through your emergency response plan far in advance of any future incident. So, when the worst happens, you will take a deep breath and begin to follow your plan. A solid response plan will minimize the impact to your business and your stress level.
Ransomware Backup and Disaster Recovery Plan
Ransomware continues to be a significant threat. Increasingly, ransomware will seek out and disable your backups before encrypting your production data. Ensure that your data is backed up and recoverable in the event of the most sophisticated attacks. Review the protections in place to segregate your backups from the day-to-day data. And always verify, verify, verify your backups.
Security Awareness Training
Employees accidentally clicking on a phishing email or downloading an infected file or malicious application is still the No. 1 way cybercriminals hack into systems. Training your employees frequently is one of the most important protections you can put in place. Implement plans to inform and remind your employees to be on high alert and reduce their likelihood of clicking on the wrong email or succumbing to other scams.
Web-Filtering Protection
Porn and adult content is the No. 1 thing searched for online, most often during the 9-to-5 workday. Online gaming, gambling, and file-sharing sites for movies and music are also ranked in the top searches and are “click bait” hunting grounds for hackers. These are sites you do not want your employees visiting during work hours on company-owned devices. If your employees are going to infected websites, or websites you do not want them accessing at work, they can expose you to viruses and hackers.
Policies and Protocols
Security and compliance start with strong policies and protocols. Your cybersecurity checklist will be exhaustive – including secure remote access, physical security policies, mobile device policies, etc. Designate a security officer and expect the policy administration to be a significant component to your plan.
