The evolving threat landscape is putting organisations under pressure to address IT Security at every level. Breaches, regardless of the severity, can be disruptive, costly and damaging to a business's reputation.
- Do you have monitoring in place with your IT provider to alert you to issues that could cause outages?
- Do they apply security updates/patches and do they perform regular file-restores?
- Does your organisation have industry-standard Firewall hardware installed and correctly configured to the highest security settings?
- Does your organisation have anti-virus protection in place on all devices?
- Is this a managed service in terms of renewals and new activations?
Laptop/Mobile Device Encryption
- Recommended by GDPR as an appropriate way to achieve data protection goals, this is a prerequisite for all businesses with staff Laptops/mobile devices. If you don’t have encryption enabled on laptops/mobile devices you should address this as a matter of priority.
Strong Group Policy Settings
- Are passwords set to change regularly?
- Are there screen-lock settings in place?
- Are staff advised about password complexity and not sharing passwords?
- Are restricted access levels in place for administration access?
Data & GDPR Compliance
- Do you know how all your data is stored, shared and remotely accessed in your organisation?
- Do you have retention policies in line with GDPR guidelines?
- Do you have a nominated data processor/controller?
- Do you have a process for a data breach?
- Do you have local/cloud backups activated in case of data loss? Does your organisation have a business continuity plan in place to make sure you can recover quickly from a disruptive event?
- Third-party applications, particularly those that are Cloud-based, are especially vulnerable from a security perspective.
- Is Two-Factor Authentication in place for those products?
- Do users have separate passwords?
- Cloud-based email products like Office365 also need an extra layer of protection. Office365 has Two-Factor Authentication as an added feature; make sure this is activated.
Mobile device usage and BYOD
- Does your organisation allow staff to have email on personal devices?
- Are there usage policies in place for mobile devices and BYOD (Bring Your Own Device) policies for staff who use their own devices?
- Are files/folders held on individual machines or stored in a central location?
- It is good practice to advise staff not to store files/folders on individual machines.
- Do you communicate with staff about what to do if they get a potentially harmful file or if they think their machine has been hacked?
- Do you have controls in place with key functions like finance to question emails that relate to funds-transfer?
- Have you ever performed internal/external vulnerability testing on your IP addresses?
- Does your organisation have Wi-Fi in place for staff and guest users, and are they separate so guests cannot get onto the network?
If you have completed the checklist and have concerns about any of the areas listed above, please contact us at enquire@supportIT.ie or visit Security and Network Management for more information.
supportIT can conduct a review of all internal policies, processes and infrastructure that relate to IT security. A full recommendations report is part of the service, which includes vulnerability testing.
Find out how we can support your business, email us at enquire@supportIT.ie or Low-Call 1800 887 818.