Making Your (Cybersecurity) List, Checking It Twice

By this time of year, Santa has nearly wrapped up his list, but have you started yours?

We’re all busy and no stranger to lists when it comes to getting things done efficiently and completely. You probably have a list for your gifting, a grocery list for the big family meal, and even a to-do list of critical tasks to finish at the office before you head home for the holidays.

This year, consider adding just one more list to your arsenal: A cybersecurity checklist is one quick way to see if your company’s cybersecurity program is naughty or nice.

 

Be Good, for Goodness’ Sake

Business owners, operators, managers, and IT resources alike know the importance of cybersecurity. There are a ton of resources and tools out there to help with protection, but it can be tough to know where to start.

Even if a cybersecurity program is in place, it’s important to evaluate it frequently and make sure all bases are covered:

  • Protecting yourself holistically and effectively

  • Taking full advantage of all tools and components

  • Tackling any next steps toward realizing improvement

  • Maintaining security as an ongoing posture, not a project

Running through a checklist periodically is a great way to get a quick overview of your organization’s cybersecurity. Take a look at our recommended checklist here, covering many aspects of an ideal cybersecurity program and posture.

Cybersecurity Checklist

Program

  • Includes three key security layers: Foundation, Culture, and Technology

  • Runs 24/7/365 to protect your business

  • Provides visibility and ongoing recommendations

  • Operates in a model of continuous improvement

 

Foundation

  • Business and cybersecurity leaders know where the company stands

  • Dedicated employee takes responsibility for cybersecurity

  • Technology and Data Use Policy is in place, up-to-date, and enforced

  • Monitoring Dark Web and data dump repositories for compromised credentials

  • Ethical hackers regularly attempt to break into systems and report back findings

  • Incident Response Plan in place in case of an attack, breach, or other incident

  • Cyber insurance in place in case of a breach

 

Culture

  • Leadership on board and actively prioritizing cybersecurity

  • Company culture of cyber-defenders

  • Continuous employee education starting on Day 1

  • Regular employee testing through phishing simulations

  • Ongoing promotion of cybersecurity awareness through emails, posters, and flyers

 

Technology

  • Software updated for all devices and applications

  • State-of-the-art protective defense in place, beyond traditional antivirus

  • Regular website scanning for security vulnerabilities, hacking, and other issues

  • Company, customer, and employee sensitive data secured and encrypted, both while at rest and over email

  • Mobile device protection with the ability to wipe, lock, or locate company phones

  • Network scanning and monitoring to check for security holes and attacks

 

A comprehensive, ongoing cybersecurity program helps minimize the chance, and the potential damage, of an incident. So this holiday season—and all year round—remember to make your cybersecurity list and check it twice. Without question, this is one area where you want to err on the side of nice!

 

Stay Safe,

Your Friends @ Defendify