Your Cyber Risk Self Assessment Checklist

You don’t prepare for a hurricane after it hits, right? You shouldn’t start thinking about cybersecurity threats only after you’ve been hacked.

While there is no way to completely eliminate cyber risk, there are steps every business – from the smallest Main Street shop to the largest international joint venture – can take to drastically reduce not only the likelihood of a breach, but also the overall impact should one occur.

Consider using this checklist to help establish a basic understanding of the current level of cyber risk your organization is facing. It will also identify specific areas where improvements can be made, thus reducing risk.

Security Policies

- Does your organization maintain information security policies?

- Is there a mechanism for information security policy enforcement?

- Does your organization maintain configuration management policies and tracking of all software and hardware?

- Is sensitive data (HR, financial, intellectual capital, etc.) labeled as such?

- Is access to sensitive data controlled and logged?

Incident Response

- Do you have an incident response plan?

- Has your incident response plan been tested?

- Do you have an incident response team, cybersecurity firm, general counsel and crisis communication firm identified?

Continuity of Operations

- Have you systematically evaluated all of the potential sources of disruption to your business?

- Do you have an active program to reduce the likelihood of a disruption?

- If you could not re-enter the workplace because of an emergency, do you have a pre-determined location to meet?

- Do you maintain a list of employees, customers and suppliers at an off-site location?

- If you lost a critical system, do you have a pre-determined plan to restore the system?

- Is your business resumption plan securely stored in a remote location?

- Do you periodically test your business resumption plan along with your site emergency response plan?

Business Processes

- Do you have proven anti-virus software loaded and active on your computer?

- Do you delete, without opening, emails from unknown sources?

- Do you back up data on a regular basis?

- Do you utilize strong, difficult-to-guess passwords?

- Do you use security hardware and software such as firewalls and intrusion detection/prevention systems?

- Are you maintaining configuration management through security policy implementation and systems hardening?

- Are you maintaining software patch management on all systems by following a regular schedule for updates?

- Do you subscribe to security mailing lists?

- Are you performing security testing through security audits and penetration scanning?

- Are you ensuring the physical security of systems and facilities?

- Do you ensure users have anti-virus software loaded and active on their systems?

- Are you maintaining operational management by reviewing all log files, verifying system backups with periodic test restores, and reporting any known issues or risks?
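Two of the Business Processes items above (regular backups, and routine review of log files) are easy to turn into checks that run on a host rather than remaining yes/no questions. The script below is an added example, not part of the Sera-Brynn checklist; the backup directory, the retention window of seven days, and the sample auth-log lines are all constructed here so it runs offline, and the log format assumed is the OpenSSH `Failed password ... from <ip> port` line.

```shell
#!/bin/sh
# Added example (not from the checklist): POSIX shell helpers that make two
# checklist questions concrete. Paths, the 7-day window and the log lines
# are assumptions/constructed test data, not values from any real system.

# backup_is_recent DIR MAX_DAYS
# Succeeds (exit 0) if DIR contains at least one regular file modified
# fewer than MAX_DAYS days ago; fails if DIR is missing or everything is stale.
backup_is_recent() {
    dir=$1
    max_days=$2
    [ -d "$dir" ] || return 1
    newest=$(find "$dir" -type f -mtime "-$max_days" 2>/dev/null | head -n 1)
    [ -n "$newest" ]
}

# failed_login_count FILE
# Prints the number of failed-password lines in an sshd auth log.
failed_login_count() {
    grep -c 'Failed password' "$1"
}

# failed_login_top FILE
# Prints "<source-ip> <count>" for the address with the most failed logins,
# which is the first thing a reviewer wants from a daily log check.
failed_login_top() {
    grep 'Failed password' "$1" \
      | sed -n 's/.* from \([0-9.]*\) port.*/\1/p' \
      | sort | uniq -c | sort -rn | head -n 1 \
      | awk '{print $2, $1}'
}

# --- Constructed sample data so the checks can be exercised offline ---------
FRESH_DIR=$(mktemp -d)   # simulates a backup target written to today
STALE_DIR=$(mktemp -d)   # simulates a backup target last written in 2020
SAMPLE_LOG=$(mktemp)     # constructed sshd lines, RFC 5737 documentation IPs
trap 'rm -rf "$FRESH_DIR" "$STALE_DIR" "$SAMPLE_LOG"' EXIT

touch "$FRESH_DIR/backup-today.tar"
touch -t 202001010000 "$STALE_DIR/backup-old.tar"

cat > "$SAMPLE_LOG" <<'EOF'
Mar  1 10:00:01 host sshd[1001]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Mar  1 10:00:03 host sshd[1001]: Failed password for invalid user admin from 192.0.2.10 port 51235 ssh2
Mar  1 10:00:05 host sshd[1002]: Failed password for root from 198.51.100.7 port 40001 ssh2
Mar  1 10:01:00 host sshd[1003]: Accepted publickey for alice from 203.0.113.5 port 50000 ssh2
Mar  1 10:02:00 host sshd[1004]: Failed password for invalid user test from 192.0.2.10 port 51236 ssh2
EOF

# --- Run the checks and report in checklist form -----------------------------
if backup_is_recent "$FRESH_DIR" 7; then
    echo "backup (fresh dir): OK - a backup newer than 7 days exists"
else
    echo "backup (fresh dir): FAIL - no recent backup"
fi
if backup_is_recent "$STALE_DIR" 7; then
    echo "backup (stale dir): OK"
else
    echo "backup (stale dir): FAIL - no backup in the last 7 days"
fi
echo "failed logins in sample log: $(failed_login_count "$SAMPLE_LOG")"
echo "top offending source:        $(failed_login_top "$SAMPLE_LOG")"
```

On a real host you would point `backup_is_recent` at the directory your backup job writes to and `failed_login_*` at `/var/log/auth.log` or `/var/log/secure`, run it from cron, and treat any FAIL line or an unusual failed-login count as an item to report, which is exactly what the last checklist question asks for.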

If assistance is needed with addressing any of the items on this list, Sera-Brynn can be reached at 757-243-1257.