Cyber security breaches come in all shapes and sizes. Your mind will generally race to images of clandestine geniuses huddling over a computer hacking businesses just for the heck of it. Hackers are definitely a big problem, and they target businesses of all sizes. Don’t think because you’re a SME you’re exempt from the attention of online criminals. In fact, they’re probably more interested in you because traditionally SME’s have less rigid cyber security in place than large corporates.
Security breaches often come in less sinister forms though. In fact, they normally come from within the organisation – from your own employees. Normally not done with sinister intentions, this could just be a lapse of judgement or an unwitting mistake.
To stop hackers in their tracks and to keep your employees in tune with your security objectives is an ongoing task. It needs regular reviewing, investment and management to keep your data safe and your business operational. Schedule in regular security audits to ensure your investment of time, finances and energy are having the required results.
Smile IT has put together this cyber security checklist to help you stay on top of your security. Use this as a guide for your audits and it’ll help keep your business protected, no matter what size you are.
Cyber Security Checklist
Software
It’s easy to ignore software updates rather than spend a few minutes doing something that doesn’t seem that important. On the contrary, these updates are essential to protecting your data. It’s easy enough to set our computers or devices to auto-update, which might be a good policy for all your staff to implement.
Part of your best practice should be ensuring all employees are using the most up-to-date software. This includes web browsers, plug-ins and applications and operating systems. The updates will have security fixes to problems that might have been exposed recently and protect you from the latest threats.
Operating Systems Check
Many businesses run on outdated operating systems and other technology because, well, ‘if it ain’t broke don’t fix it’. We see many businesses using systems that have reached their end of service, such as Windows XP.
This is a very real threat to your security, because the manufacturer of these systems is no longer updating them or providing support. This means you don’t get access to any new features, but more importantly you’re not getting any more security updates. You’re not protected from new threats that arise in the cyber world.
Our recommendation would be to make sure all your computers and devices are on the very latest operating system.
Antivirus check
All computers should be running a solid antivirus program, especially if they’re being used remotely and on different networks. It’s really important to keep this software updated. The signature files of the program contain a list of all the viruses out there, and as new viruses arise they’re added to the list. Updating your signature files ensures your program protects you from all the latest and nastiest viruses out there.
Firewall
If you’ve got a corporate network for your business, you need a firewall. A firewall basically ensures that there’s no unauthorised access to your network, allowing only recognised computers and individuals in. Hackers and malicious software are kept out, which not only protects your data but prevents your computers from being used for criminal activities without your knowledge.
Like all software, you’re going to have to keep your firewall updated so it is able to detect the latest threats. It requires configuration and maintenance and should definitely be evaluated every time you do a security check.
Data Backup and Encryption
Data is the lifeblood of most organisations and should be treated as such in any cyber security checklist. As well as an onsite backup, it’s a good idea to opt for an offsite physical backup as well as a cloud backup. These need to be easily accessible and offer quick restoration to minimise downtime. Ideally the backups should be encrypted too, to prevent access from unwanted parties.
Data loss comes in all shapes and sizes, from an employee mistakenly deleting files to a fire destroying your office servers to a hacker compromising your information. Solid and reliable backups will mean these occurrences don’t harm your business continuity.
Password Policy
A lot of data breaches come about because of weak passwords. You can have as many security measures in place, but they’re rendered useless if employees are using weak passwords that can be easily hacked.
Passwords should be at least eight characters, with a combination of upper- and lower-case letters, special characters and numbers. They should also be regularly changed. Have a read of this blog post for more information on increasing your password security.
Multi-factor authentication
Multi- or two- factor authentication is an important additional method of boosting your password security. It involves an extra one (or more) layers of security when you log into an account, such as a text message or an email or a code from an authenticator app. This means even if your password gets stolen, access will still be restricted if the second piece of authentication isn’t provided.
This is an important part of your cyber security checklist. You can read more about MFA in this blog post.
Secure Email
A-ha, the old phishing attacks will get you every time. Well not really, not if you’re prepared for them. Many data breaches begin with emails purporting to be from legitimate organisations, which then lure you into giving out your personal details online. Your staff need to be aware of what these emails look like, with a good start being reading this article about phishing.
Your company mail servers also need to be protected, and certain suspicious attachments should not be allowed to pass through.
Employee Training
Only about half of all companies implement cyber security, which is not ideal since so many breaches can happen internally.
A training program helps everybody keep abreast of data security, company policies, best practice procedures and how to secure their email.
It’s important to remember that cyber threats are constantly evolving and advancing. Your training needs to be something that happens upon company induction, and at regular intervals too. This way everyone is kept up to speed with the latest developments.
Procedures and policies
Your policies and procedures indicate your commitment to protecting your company’s data and property. They help you stay compliant and secure and should be regularly reviewed to ensure their relevance. You should have policies around: internet access; remote access; personal devices connected to the work network; privacy, network security; email and communications.
Employees should be trained in the best practice procedures and policies which are compliant with government and legal regulations.
Hopefully this cyber security checklist will help you implement a robust and virtually impenetrable cyber shield for your business. If you have any questions about how a managed service provider like Smile IT could help strengthen your defences, please get in touch. We’re a Brisbane IT company with a national client base, and we’d love to help you out!
When he’s not writing tech articles or turning IT startups into established and consistent managed service providers, Peter Drummond can be found kitesurfing on the Gold Coast or hanging out with his family!