Tuesday, March 10, 2020

Top 10 Cyber Security Checklist for Your Small Business


We all know that IT security must be taken seriously and be a continuous priority for all companies. While companies and individuals cannot be fully protected from cybersecurity threats, implementing the best practices found on cybersecurity audit checklists significantly reduces the risk of the company and its employees falling victim to hackers.

The following is a "Top 10" small business cyber security checklist for professionals and small businesses who want to protect themselves from all known cyber threats.

1. Keep your operating system updated: Whether you run Microsoft Windows or Apple OS X, you must configure your operating system for automatic updates. Shutting down or restarting your computer overnight will speed up the installation of updates (eliminating system interruption). System updates are especially important for server operating systems, where all patches and updates need to be verified and applied on a regular schedule. Employees must be told to configure their smartphones and tablets to automatically update the iOS, Android or Microsoft Windows Phone operating system.

2. Antivirus updates: Businesses must have antimalware programs set to check for updates frequently and to automatically scan devices on a set schedule, along with any media inserted into workstations (USB thumb drives and external hard drives). Large companies need to configure their workstations to report the update status of the antivirus to a central server that can automatically send updates as needed.

3. Secure password policy: IT policies must require complex passwords of at least eight characters, combining uppercase, lowercase, numbers and special characters. The network configuration must require staff to change passwords four times a year, and staff should not be able to reuse their previous ten passwords. The best practice is to use a different password for each login so that no one who learns one password knows the others.

4. Use the automatic screen lock: If your workstation or mobile device is idle for a few minutes, it must be set to lock its screen automatically to keep prying eyes away from your system.

5. Equipment tracking: Know where your business data is, not just on servers and workstations, but also on mobile devices, USB thumb drives, backup systems, and cloud locations. Companies should strive to limit access to corporate resources to only the staff who absolutely need them. Using inventory tags to verify assigned devices can also help keep track of corporate devices.

6. Secure devices: Devices that contain corporate and customer data must be physically or digitally protected. The local file server must be located in a closed room/cage and the office needs a security system. Lock your mobile device when not in use and encrypt your data drive.

7. Proper data / equipment disposal: All physical files and document drafts containing personally identifiable information that is no longer needed must be secured and shredded to minimize the risk that dumpster divers will access taxpayer identification. Workstations and mobile devices used to process customer data must be completely reformatted, or their hard drives physically destroyed, to minimize the risk of unauthorized data recovery.

8. Backup data encryption: Businesses need to encrypt backup media leaving the office and verify that backups are complete and usable. Companies should periodically review backup logs for completion and restore randomly chosen files to confirm that they work when needed.

9. Minimize administrative rights: Allowing a workstation to run in administrator mode exposes the machine to more security threats and can lead to the entire network being infected, so normal tasks should not be performed on computers in administrative mode.

10. Secure transmission: Companies need to standardize on tools that allow the secure transmission and reception of customer files. All personnel should be educated about the use of company portals or encrypted email solutions for files containing confidential data.
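As an added example for item 3 (not part of the original post), the following Python code checks a candidate password against the policy stated there: length, the four character classes, no reuse of the previous ten passwords, and rotation age. The 91-day interval used for "four times a year", the scrypt parameters, and all function names are assumptions.

```python
import hashlib
import hmac
import os
import re
from datetime import datetime, timedelta

MIN_LENGTH = 8                 # item 3: at least eight characters
HISTORY_DEPTH = 10             # item 3: previous ten passwords cannot be reused
MAX_AGE = timedelta(days=91)   # assumption: "four times a year" = every 91 days

REQUIRED_CLASSES = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "number": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}

def hash_password(password, salt=None):
    """Return (salt, digest); history holds salted scrypt digests, never clear text."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1)
    return salt, digest

def check_new_password(candidate, history):
    """Return policy violations; history is [(salt, digest), ...], newest first."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    for name, pattern in REQUIRED_CLASSES.items():
        if not pattern.search(candidate):
            problems.append(f"missing {name} character")
    for salt, digest in history[:HISTORY_DEPTH]:
        # Re-hash the candidate with each stored salt and compare in constant time.
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            problems.append("matches one of the previous ten passwords")
            break
    return problems

def is_expired(last_changed, now):
    """True when the password is older than the rotation interval."""
    return now - last_changed > MAX_AGE

if __name__ == "__main__":
    # Constructed sample history and dates, for illustration only.
    history = [hash_password(p) for p in ("Spring#2019a", "Summer#2019b")]
    print(check_new_password("Spring#2019a", history))
    print(check_new_password("Winter#2020c", history))
    print(is_expired(datetime(2019, 12, 1), datetime(2020, 3, 10)))
```

Because the history stores only salted digests, the reuse check has to re-hash the candidate once per stored entry; it cannot detect passwords that are merely similar to an old one.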
