Security Awareness
Employee errors are the #1 source of data breaches. Are your employees well informed, educated and aware of best practices in the following areas?
Employees know how to identify potential phishing scams, harmful attachments and spam.
No
Not Sure
Yes
Passwords
We routinely update passwords to contain complex configurations and have a procedure for securing them.
No
Not Sure
Yes
Shadow IT
Policies are in place to manage employees who use unauthorized file share programs, personal devices, external hard drives, social media, etc.
No
Not Sure
Yes
Awareness Training
We have regular opportunities for employees to learn about potential security threats and be tested on their cybersecurity awareness.
No
Not Sure
Yes
Hardware and Software
Desktop computers, devices, accessories, servers and multiple software programs used to conduct business all have their own security requirements. Do you follow industry best practices for refreshing the following hardware and software?
Computers
Our computers have been purchased in the last three years and all required system upgrades have been installed in that time.
No
Not Sure
Yes
Software
All software programs have received necessary updates in less than 30 days from updates being available.
No
Not Sure
Yes
Compatibility
Any specialized equipment (machine sensors, voice assist, legacy systems, etc.) and software can easily “talk with each other” securely.
No
Not Sure
Yes
Endpoint Security
Remote access to your networks from wireless devices, such as smartphones, tablets and personal laptops, can create pathways for security threats. Do you leverage security measures in each of the following areas?
Personal Devices
Policies are in place for employees who use personal devices for work to prevent data loss, and those devices have updated security software.
No
Not Sure
Yes
Firewalls
Our network security and firewall systems are regularly updated and monitored to ensure the latest and greatest defenses are in place to protect against internet-based cyber threats.
No
Not Sure
Yes
Enhanced Detection and Response
Not only do we have antivirus software, but we also leverage enhanced detection and response (EDR) software that looks for indications of compromise on our machines.
No
Not Sure
Yes
Monitoring
Our systems are monitored 24/7 to ensure critical updates are applied, maintenance is performed and dedicated IT personnel address emerging threats related to cloud-based security protection.
No
Not Sure
Yes
SOC Monitoring
Our systems monitor all of our log files across all IT systems and those alerts are generated to a 24/7/365 security operations center (SOC) team who will take immediate action if they see active threats in the environment.
No
Not Sure
Yes
Intrusion Detection System
We have an intrusion detection system (IDS) which monitors all network traffic inside and out of our network with alerts going to qualified security staff.
No
Not Sure
Yes
Backup Systems
Even when robust security measures are in place, there’s no 100% guarantee. Systems may be compromised through employee error, malfunction or natural disaster. How would you rank your ability to restore data?
Cloud Services
We’ve replaced antiquated on-site or tape backup systems with cloud-based backup capabilities that continually update to ensure data can be restored quickly.
No
Not Sure
Yes
Business Continuity Plan
We’ve outlined a detailed plan in the event a disruption occurs with clearly defined processes, and identified who will take certain actions.
No
Not Sure
Yes
Testing
Our backup system is regularly tested to ensure operation if called to duty, and we’ve conducted a practice drill.
No
Not Sure
Yes
Air Gap
Our backups are “air gapped,” meaning they are not accessible from our network and cannot be attacked.
No
Not Sure
Yes
