How to Create An 8-Point Office IT Security Checklist
Regardless of the size of your business—whether enterprise level, mid-market or a freshly minted small business—today’s climate dictates that you do some level of online business.
Having an online presence—no matter how big or small—is critical to reaching your prospective and long-time customers where they live. Your website, social media presence. your online store and the simple storage of data are all essential to the growth of your business.
Hackers are fully aware of your reliance on your computing system of course, and they have every intention of using any means available to them or designed by them to exploit your system to steal your valuable data.
You must contend with the good, the mundane, the challenging and the downright bad of all things computing.
One of your primary goals as CIO or IT manager certainly involves shepherding your organization’s computing system and its sensitive data, whether stored in-house or in the cloud. But where do you start when your daily schedule is consistently jam-packed?
CREATE YOUR 8-POINT OFFICE IT SECURITY CHECKLIST
Ask any IT leader the best strategy for maintaining strong privacy controls and an ultra-tight data security, and they are likely to tell you that creating an office IT security checklist is high on the list.
The U.S. Department of Energy considers an organizational tool like an office IT security checklist or a step-by-step cybersecurity awareness program an opportunity to cultivate a work environment where cybersecurity behaviors and responses are automatic and consistent to make it easier to prevent or halt any attempts to made by a hacker trying to compromise your system.
Our team of IT security professionals has developed a comprehensive checklist to keep your system locked up tight while still user-friendly and available to everyone with access privileges.
1. PERFORM AN INVENTORY FOCUSING ON THREE BASIC QUESTIONS ABOUT DATA
Answering a few basic questions about your company’s data can help you properly develop the rest of your office IT security checklist. We recommend the following three questions, based on ideas set forth by the Federal Communications Commission (FCC):
- What Kind of Data Does Your Business Handle?
- How Do You Handle and Protect Your Data?
- Who Has Access to Your Data and Why?
Most data has value to someone, but of course some has enough monetary value to make it worth it to break into your computing system. Your basic operations files are likely not the primary objective for cybercriminals who are more interested in your customers’ sensitive data like social security numbers, home addresses, birth dates, driver’s license numbers and banking information.
Basically, what are you doing right now to protect all data under your care, whether at rest or while on-the-move? Data that is on-the-move and active is any data that is in use for transactions, analysis and marketing purposes. Each time your data is accessed, it becomes exposed to unique risks.
Not everyone has, nor should they have, access to all company data. For example, your marketing team does not need to view employee payroll information. Restricting access to data makes it easier for you to monitor any usage of that information to keep it safe and prevent any unnecessary movement that exposes it to dangers. And this restriction has little to do with trust in your employees’ loyalty and integrity. It has more to do with limiting exposure to risk in the simplest way. Assign access to employees upon hiring, depending on their department and any other factors you determine, so you can manage and track their usage from the onset of their employment.
2. KEEP EVERYTHING UPDATED AND UPGRADED
From your operating system to your software programs to your hardware, updates are critical to keeping your system healthy, according to the American Institute of Certified Public Accountants (AICPA). Following are some of the key updates and upgrades that we recommend.
- Operating System Updates.
- Antivirus Updates.
- Hardware Updates.
- Web Browser Updates.
- Wireless Security Updates.
Whether you use Microsoft Windows or Apple OS, it is important that you set your system up for automatic updates.
This one is crucial to keeping your system safe, of course. Make sure your anti-malware programs are set up to frequently check for updates and scan the device, or devices, on a set schedule. In larger firms, you may update your antivirus through a centralized server. Even better, when you work with a cloud service provider, they continually monitor and manage antivirus updates.
Outdated hardware can create huge vulnerabilities for today’s business owners. Some of the hardware pieces you should regularly inspect include payment terminals that include “smart chip” readers, desktop and laptop computers, servers, mobile devices and Wi-Fi routers.
Old and outdated browsers may contain security holes, so do yourself a favor and regularly check for updates. Go ahead and download the latest browser version since they are easy to locate, download and install. In addition to the added security, the newer versions are usually much faster.
Check all wireless networks and access points to catch any rogue devices camped out to eat up bandwidth or worse. Make sure no one can access your wireless network without a password.
The Huffington Post posits that this step greatly reduces the risk of hackers exploiting security flaws created by outdated gear and programs. We agree that this portion of your IT checklist is great for exposing issues before they take root and cause bigger problems.
3. MANAGE PASSWORDS WITH REGULAR PASSWORD AUDITS
During your password audits, review any changes—actual or up for consideration–in employees’ access to sensitive networks and data. Also, make sure all passwords pass the strength muster. You may even consider investing in a “password manager” tool that employees can load onto their computer desktop. These tools remind employees to periodically update their passwords and will prompt them to strengthen their password, if necessary.
4. REVIEW AND UPDATE IT POLICIES
Employees have a responsibility to help you keep your computing system safe, therefore it makes sense that you create and regularly update IT policies that help you do so. Make sure to address issues that include visiting safe websites, email sending and opening protocols, BYOD (Bring Your Own Device) and remote access. Give employees new copies of the policy manuals when updated, and provide any necessary training to help reinforce policies.
5. CHECK FOR NEW OR UPDATED REGULATIONS AND LAWS TO ENSURE COMPLIANCE
Regulations and laws are often put into place by their respective agencies and bodies to help keep data safer. These bodies have a unique perspective on data—often in a specific industry, such as healthcare or finance—that you may handle and provide standards that help you keep that data safe while it is in your care. Work with your legal and compliance team, or your auditing team, to ensure that you have reviewed and are following any new or updated regulations and laws.
6. DEVELOP AND PRACTICE A DATA BREACH RESPONSE PLAN
While you and your team work to prevent a data breach, you must prepare for one, just in case. Put a security incident response in place to confirm when, where and how data has been compromised, as well as what subsequent steps you take. Create a manual or PDF that you can distribute to educate personnel on how to document events leading up to the breach, notification of appropriate personnel to proceed to the next step and developing and internal and external communications strategy.
7. MAKE SURE YOUR PHYSICAL SPACE IS SECURE FOR YOUR HARDWARE
Don’t underestimate the power and prevalence of real-world hardware theft that can result in compromised data. Design and implement security controls that include the installation of security cameras, as well as the limitation of access to sensitive areas to only key employees.
8. CALL ON THE SERVICES OF A PROFESSIONAL AUDITING TEAM
A highly skilled and experienced professional auditing team can help you ferret out any underlying issues you and your team stand the risk of missing or overlooking due to an overloaded schedule, or any number of other legitimate reasons. The right auditing team can help you dig up any possible risks, threats and vulnerabilities that could allow for an eventual data breach. Request that your team make sure to check your firewalls and encryption settings, for starters.
LET US KNOW IF WE CAN HELP YOU FURTHER DEVELOP YOUR OFFICE IT SECURITY CHECKLIST
Our auditing professionals at I.S. Partners, LLC. are here, ready and able to help you develop an ironclad office IT security checklist to ease your workload and your mind.