What’s on your cyber security checklist?

If you're using October – National Cyber Security Awareness Month – to take a hard look at your security practices, policies, procedures and systems, we'd like to offer a starting point for a security checklist, examining some of the key considerations from a people, process and technology viewpoint.

People: Disgruntled or uninformed employees are one of the biggest risks to any organization. An unhappy employee with access to IT systems and applications can wreak havoc in an organization, especially those employees who work in IT and have privileged administrative rights. Uneducated employees are prime targets for phishing attacks or other social engineering tactics used to gather information, access and online credentials.

  • Have all my employees done cyber security training? Training needs to be part of the on-boarding process for new employees and should be done for all employees at least once a year. Many organizations choose to add further security training (and testing) by secretly putting employees in situations to test how they would respond. For example, by planting USB drives on the ground or floor around or in the office, the security team can test employee knowledge and practice of USB use and security.
  • Consider background checks. Many businesses and organizations require background checks before they hire an employee or accept a volunteer. There are several services available to consider if you feel it's needed for your business.
  • Physical security plays a role. Although it technically may not be considered cyber security, physical control of who enters the workplace is important for both personal safety and cyber safety. It keeps the wrong people out of a building where computers may display applications and data or files may be on desks with useful hacking information. Having physical security in place can even help with forensic work if there is a breach. Ask yourself: Even though we use gates and badges, are employees "sneaking in" behind the car in front of them when the gate goes up? Are all employees scanning their badge or is a group walking in together as one employee opens the door?
  • Third-party partners can be the overlooked risk. If you outsource any of your work to third parties and they have access to your IT systems, this is a risk factor that must be addressed. Some of the biggest breaches have been attributed to bad actors getting in via a third-party partner credential. Sit down with your partners and make sure their security is acceptable for your policies and ensure there is a security clause in your contract with them.

Process: Various processes can add layers of security and control, making it more difficult for bad actors to impersonate an employee or use their credentials. Other processes are mandatory to address regulations and guidelines.

  • Two-step or multi-factor authentication. This also can be considered under technology, but the process of using at least two factors to access your systems and data is a must-do in today's computing environment.
  • Keep passwords unique and don't reuse them. Passwords are here to stay, at least for the foreseeable future, so make sure you practice good password hygiene and use strong passwords or phrases that are long, easy for you to remember, but hard for anyone else to figure out.
  • Compliance. If your company is governed by regulations, are you meeting all the audit demands? The regulations are often presented clearly; it's up to you to put in place the processes and procedures that meet them.

Technology: Today everything is Internet connected. The technology you are protecting from intrusion and tampering ranges from routers, VPNs, computers and mobile devices to databases and servers, cloud services, software applications, copiers and printers, and more.

The team at the National Cyber Security Alliance and U.S. Department of Homeland Security has assembled a great technology checklist to use year-round, not just during National Cyber Security Awareness Month. It provides a comprehensive list of technologies you need to think about and tips for protecting them. If you don't have a cyber security technology checklist, it's a great place to start. You can download it here:

Cyber security is not something you want to leave up to chance. Questions? Would you like to request a consultation to see how ZZ Servers can support your cyber security needs? Contact us today.
