What’s on your cyber security checklist?

If you're using October – National Cyber Security Awareness Month – to take a hard look at your security practices, policies, procedures and systems, we'd like to offer a starting point for a security checklist, examining some of the key considerations from a people, process and technology viewpoint.

People: Disgruntled or uninformed employees are one of the biggest risks to any organization. An unhappy employee with access to IT systems and applications can wreak havoc in an organization, especially those employees who work in IT and have privileged administrative rights. Uneducated employees are prime targets for phishing attacks or other social engineering tactics used to gather information, access and online credentials.

  • Have all my employees done cyber security training? Training needs to be part of the on-boarding process for new employees and should be done for all employees at least once a year. Many organizations choose to add additional security training (and testing) by secretly putting employees in situations to test how they would respond. For example, by planting USB drives on the ground or floor around or in the office, the security team can test employee knowledge and practice of USB use and security.
  • Consider background checks. Many businesses and organizations require background checks before they hire an employee or accept a volunteer. There are several services available to consider if you feel it's needed for your business.
  • Physical security plays a role. Although it technically may not be considered cyber security, physical control of who enters the workplace is important for both personal safety and cyber safety. It keeps the wrong people out of a building where computers may display applications and data or files may be on desks with useful hacking information. Having physical security in place can even help with forensic work if there is a breach. Ask yourself: Even though we use gates and badges, are employees "sneaking in" behind the car in front of them when the gate goes up? Are all employees scanning their badge or is a group walking in together as one employee opens the door?
  • Third-party partners can be the overlooked risk. If you outsource any of your work to third parties and they have access to your IT systems, this is a risk factor that must be addressed. Some of the biggest breaches have been attributed to bad actors getting in via a third-party partner credential. Sit down with your partners and make sure their security is acceptable for your policies and ensure there is a security clause in your contract with them.

Process: Various processes can add layers of security and control, making it more difficult for bad actors to impersonate an employee or use their credentials. Other processes are mandatory to address regulations and guidelines.

  • Two-step or multi-factor authentication. This also can be considered under technology, but the process of using at least two factors to access your systems and data is a must-do in today's computing environment.
  • Keep passwords unique and don't reuse them. Passwords are here to stay, at least for the foreseeable future, so make sure you practice good password hygiene and use strong passwords or phrases that are long, easy for you to remember, but hard for anyone else to figure out.
  • Compliance. If your company is governed by regulations, are you meeting all the audit demands? The regulations are often presented clearly; it's up to you to put in place the processes and procedures to implement them.

Technology: Today everything is Internet connected. The technology you are protecting from intrusion and tampering ranges from routers, VPNs, computers and mobile devices to databases and servers, cloud services, software applications, copiers and printers, and more.

The team at the National Cyber Security Alliance and U.S. Department of Homeland Security has assembled a great technology checklist to use year-round, not just during National Cyber Security Awareness Month. It provides a comprehensive list of technologies you need to think about and tips for protecting them. If you don't have a cyber security technology checklist, it's a great place to start. You can download it here: https://staysafeonline.org/wp-content/uploads/2017/09/Technology-Checklist-for-Businesses.pdf.

Cyber security is not something you want to leave up to chance. Have questions, or would you like to request a consultation to see how ZZ Servers can support your cyber security needs? Contact us today.
