The Ultimate Cybersecurity Checklist

December 21, 2020 by The Hartman Team

In today's sophisticated digital landscape, cybersecurity threats have evolved well past traditional brute-force login attempts. Hackers are relentless in their attempts to breach business systems and to manipulate employees into handing over confidential information. With more than 70% of cyberattacks involving phishing, it is crucial to ensure that systems are secure and that staff can recognize a phishing attack before they act on it and expose private information.

While there is no way for an organization to completely eliminate all cyber threats, there are many actions that can be taken to mitigate risk and strengthen overall cybersecurity posture.
This comprehensive cybersecurity checklist below will help organizations minimize risk in 2021 and beyond.

1. Create A Cyber Strategy Separate From IT

It may seem natural to have IT focus on cybersecurity, since it concerns safeguarding primarily digital information. However, cybersecurity is a business risk, and IT is just one aspect of it. To avoid conflicts of interest, cybersecurity is best handled by another key player – the chief information security officer (CISO), who addresses cyber risks at the business level and develops plans for mitigation and response. Protecting against these risks requires support from IT, but also from other areas of the business, such as operations and human resources.

2. Develop An Effective Cyber Incident Response Plan

An incident response plan helps staff detect, respond to and recover from cybersecurity incidents more effectively. In some industries a proper plan is required by law; however, every organization that uses technology to access sensitive data should follow incident response guidelines. The plan should clearly state how cyberattacks are to be documented and mitigated, and it should outline the steps required to get systems and software running again immediately after an incident.

3. Train Employees On Cybersecurity Awareness

COVID-19 has prompted a new wave of phishing and ransomware attacks as cybercriminals take advantage of distracted and stressed employees. While spam filtering can identify some malicious emails, others that appear authentic will find their way into an employee's inbox. Because one wrong click on a malicious email can expose an organization's sensitive information, employees should undergo thorough and ongoing cybersecurity training focused on spotting attacks that arrive by email. Employees should be trained not to open emails or click links from unknown senders, and to report suspected phishing attempts to leadership.

4. Ensure A Strong Password Protocol

Organizations should use a password manager to protect personal and company passwords. Such a system stores all passwords in encrypted form and releases them only after the user has verified their identity, typically through two-factor authentication. Employees need to remember only one master password; the stored account logins and passwords, which are generally random sequences of alphanumeric and special characters, cannot be traced back to the password manager.

5. Enable Automatic Operating System Updates

Operating system updates are often released to minimize or remove vulnerabilities present in previous versions. Most employees find it difficult to remember to check their devices for newer operating system versions, so ensuring that every company device has automatic updates enabled reduces the likelihood of a breach. When devices are kept updated, malicious software built for a specific version will be identified and removed by the operating system in a future update.

6. Use A Secure Connection For Company Devices

Employees should connect to the corporate network only from company devices, and company devices should never be connected to a public network. COVID-19 has required most businesses to work from home, so it is important to ensure that employees connect only through a private in-home network, a mobile hotspot or a virtual private network (VPN) recommended by the organization. When visiting websites, employees should follow a secure protocol by looking for HTTPS in the URL or a lock icon in its place.

7. Back Data Up To An Encrypted Drive

In the event an employee must reset their drive for any reason, they must be able to recover their data immediately from the last save point. IT should be responsible for backing up information, and should review backup logs and test the backups routinely to verify that the data is current and can be recovered at a moment's notice.
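Testing a backup means more than confirming that the job ran: each backed-up file has to be present and byte-for-byte intact. The following Python script is an added example, not code from the Hartman post; it copies a constructed sample directory into a backup location, records a SHA-256 hash of every file in a manifest, and then re-hashes the backup to report missing or altered files. The directory layout, the manifest file name and the sample files are all assumptions made for the example; the encryption of the backup drive itself is outside what the script shows.

```python
"""
Added example (not from the original post): make a backup with a SHA-256
manifest and verify that the backup can be trusted for recovery.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

MANIFEST_NAME = "backup-manifest.json"  # assumed file name


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large backups do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(64 * 1024), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_backup(src: Path, dst: Path) -> Dict[str, str]:
    """Copy every file under src into dst and write a manifest of hashes."""
    manifest: Dict[str, str] = {}
    for source_file in sorted(src.rglob("*")):
        if not source_file.is_file():
            continue
        relative = source_file.relative_to(src).as_posix()
        target = dst / relative
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source_file, target)       # copy2 keeps timestamps
        manifest[relative] = sha256_of(source_file)
    dst.mkdir(parents=True, exist_ok=True)
    (dst / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_backup(dst: Path) -> List[Tuple[str, str]]:
    """Re-hash every file named in the manifest; return (file, problem) pairs."""
    manifest = json.loads((dst / MANIFEST_NAME).read_text())
    problems: List[Tuple[str, str]] = []
    for relative, expected in manifest.items():
        backed_up = dst / relative
        if not backed_up.is_file():
            problems.append((relative, "missing"))
        elif sha256_of(backed_up) != expected:
            problems.append((relative, "hash mismatch"))
    return problems


def demo() -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Run the backup on constructed sample files, then damage the backup.

    Returns the verification result before and after the damage.
    """
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        backup = Path(tmp) / "backup"
        (live / "docs").mkdir(parents=True)
        (live / "docs" / "plan.txt").write_text("quarterly plan (constructed)")
        (live / "notes.txt").write_text("constructed sample notes")

        make_backup(live, backup)
        clean_result = verify_backup(backup)            # expected: []

        # Simulate bit rot on one file and loss of another.
        (backup / "notes.txt").write_bytes(b"bit rot")
        (backup / "docs" / "plan.txt").unlink()
        damaged_result = verify_backup(backup)
        return clean_result, damaged_result


if __name__ == "__main__":
    before, after = demo()
    print("clean backup problems:", before)
    print("damaged backup problems:", after)
```

Running the script prints an empty problem list for the fresh backup and two findings after the simulated damage. Scheduling `verify_backup` to run after every backup job, and alerting on a non-empty result, turns the "review logs and test routinely" advice into a repeatable control.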

8. Keep Antivirus Software Up-To-Date

Simply having antivirus software on a device does not guarantee protection, because hackers produce new viruses every day. Updating antivirus software gives employees' devices fresh information on malware, spyware, ransomware and other threats, increasing the chance that they will be detected and removed. As with operating systems, antivirus software can be set to update automatically.

9. Limit The Number Of Network Administrators

No employee outside the IT department should be able to change details of the network or install applications that are not on the company's approved list. Limiting the number of administrators for the network and its devices significantly reduces security risk and gives the company more visibility over its devices. Another best practice is to audit accounts regularly and delete those belonging to employees who have switched workstations or are no longer employed by the organization.
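The audit described above can be made routine with a short script. The Python below is an added example, not code from the Hartman post: it takes a constructed directory export and flags the two conditions item 9 calls out, administrator rights held outside the IT department and accounts that belong to former employees or have not been used for a long time. The account fields, the 90-day inactivity threshold and the list of departments allowed to hold admin rights are assumptions chosen for the example.

```python
"""
Added example (not from the original post): flag privileged and stale
accounts from a constructed directory export.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Sequence, Tuple


@dataclass
class Account:
    username: str
    department: str
    is_admin: bool
    active_employee: bool          # False once HR has off-boarded the person
    last_login: Optional[date]     # None means the account has never logged in


# Constructed sample export; none of these people or dates are real.
SAMPLE_ACCOUNTS: List[Account] = [
    Account("alice", "IT", True, True, date(2020, 12, 20)),
    Account("bob", "Sales", True, True, date(2020, 12, 18)),
    Account("carol", "Finance", False, False, date(2020, 6, 1)),
    Account("dave", "Operations", False, True, date(2020, 8, 1)),
    Account("erin", "HR", False, True, None),
]


def audit_accounts(
    accounts: Sequence[Account],
    today: date,
    max_inactive_days: int = 90,                 # assumed policy threshold
    admin_departments: Sequence[str] = ("IT",),  # assumed approved departments
) -> List[Tuple[str, str]]:
    """Return (username, reason) findings for accounts that violate policy."""
    cutoff = today - timedelta(days=max_inactive_days)
    findings: List[Tuple[str, str]] = []
    for account in accounts:
        if account.is_admin and account.department not in admin_departments:
            findings.append((account.username, "admin rights outside approved department"))
        if not account.active_employee:
            findings.append((account.username, "account belongs to a former employee"))
        elif account.last_login is None or account.last_login < cutoff:
            findings.append((account.username, f"no login in the last {max_inactive_days} days"))
    return findings


def usernames_to_disable(findings: Sequence[Tuple[str, str]]) -> List[str]:
    """Accounts that should be disabled outright: former employees and never-used accounts."""
    return sorted({user for user, reason in findings if "former" in reason or "no login" in reason})


if __name__ == "__main__":
    # Date fixed to the post's publication date so the output is reproducible.
    for user, reason in audit_accounts(SAMPLE_ACCOUNTS, date(2020, 12, 21)):
        print(f"{user:8} {reason}")
    print("disable:", usernames_to_disable(audit_accounts(SAMPLE_ACCOUNTS, date(2020, 12, 21))))
```

Against the sample data the audit reports bob (an administrator in Sales), carol (a former employee), dave (no login since August) and erin (never logged in), while alice passes. A real deployment would replace `SAMPLE_ACCOUNTS` with an export from the directory service and feed the findings into the off-boarding and access-review process.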

10. Enable Auto-Lock For Company Devices

Computers that have not been in use for a short period (approximately three to five minutes) should automatically lock their screens and require the user to log back in. This prevents onlookers, whether inside or outside the building, from seeing what is displayed on the device. Unauthorized users can also access a computer remotely while it is logged in, which is why a device should not remain active when it is not under the direct supervision of the employee.

11. Dispose Of Equipment And Data Securely

Devices that contain sensitive information should not simply be thrown out when no longer in use. The hard drive should be completely formatted to remove all data, and then either shredded or electronically recycled. Without physical destruction of the hard drive, any data on it can be fully recovered using a SATA cable. It is important, however, to ensure that the data on the drive has been backed up before it is destroyed.

12. Use An Encrypted Email Or Messaging Server

Employees use email every day, which means they are always at risk of falling victim to an attack. Using an encrypted email or messaging server to communicate work-related information and passwords limits the chance of a message being intercepted or deciphered by a cybercriminal. Email servers that use spam filtering automatically locate and remove messages that appear to be phishing attacks from employees' inboxes, decreasing the chance that unwanted emails reach those individuals.

13. Conduct Regular Cybersecurity Assessments

Systems and software should be audited on an ongoing basis to look for new risks. While the newest version of a particular piece of software may seem safe to implement, some updates can accidentally break an organization's systems or expose them to threats because of an unstable release. It is a best practice to speak with an independent cybersecurity consultant when auditing a network, as they bring extensive knowledge and can make informed recommendations.

14. Employ Third-Party Penetration Testing Services

If a third-party cybersecurity firm can breach an organization's systems, a malicious individual likely can as well. Penetration testing, also known as "ethical hacking," is used to identify vulnerabilities in a network and remove them before they are discovered by unauthorized users. While this can be an expensive service, the cost does not compare to the millions of dollars in fines that can follow a data breach.

Speak With A Professional Cybersecurity Consulting Firm

All businesses are susceptible to cyberattacks, but leaders need to do everything within their power to mitigate risk and lessen the impact of any potential incidents. Hartman Executive Advisors offers cyber risk assessments that employ a wide variety of techniques to accurately assess an organization’s business-specific cybersecurity threats. Reach out today to schedule a consultation and start 2021 with a clear and strategic approach to managing cybersecurity.
