The year 2020 was an active period for hackers infiltrating small businesses’ cybersecurity. Working remotely - is the cause; CIRA conducted a Cybersecurity Survey where two-thirds of IT workers were working from home due to the pandemic. When employees work from home, they remove themselves from the company firewall and security. Most of the fraudulent claims are coming into email inboxes and over social media channels. In the same study, CIRA noted that the human resources dedicated to cybersecurity are down 45% from 2019. So, what can small businesses do to protect themselves against cyber-attacks? The simple answer is to create an IT security checklist.

What Is An IT Security Checklist?

This living document covers an entire information technology infrastructure which includes: personal computers, company servers, network routers, switches, and so on.

There are a few steps to take to create a successful IT Security Audit, and we will go through each step thoroughly.

Assess The Current Security State

For a business owner to fully understand their security needs, one needs to do a physical audit. Go through each of the following categories of security controls to add to your checklist.

• Physical Security

A person’s natural thought of IT security goes to networking and infrastructure, so this type of security often gets missed. However, a business must have protocols when employees have access to the server and electronic information systems. There should be deadbolts or another locking feature to mitigate physical tampering to electronic devices. Ensure that, if needed, you have security personnel present to escort technicians or employees to and from electronic information systems.

• Administrative Security Controls

With today’s technological advances, it will take mere seconds for a hacker to infiltrate, copy, and destroy electronic files. It is vital to educate employees on the realities of cyber security to mitigate as much human error as possible. One click from an unknown email address could cause catastrophic failure - internally. Consistent education and training on phishing and malware will empower employees to fight against attacks coming into a company.

• Technical Security Controls

With the development of information storage like cloud services, SaaS platforms, network devices, and IaaS platforms, a business should hire an IT professional to come in and set up IT security. Due to their complexity, there will need to be care and attention to detail while integrating security systems into your organization. Do you need to hire an in-house IT expert, or is it within budget to outsource locally?

• IT Infrastructure Security

Ask yourself some of the following questions and add them to the checklist:

Do you purchase your equipment only from authorized resellers?

Are antivirus and malware protection installed on all computers and mobile devices?

Do you maintain a list of all your hardware including, the device name, type, location, serial number, service tag, etc?

Do you have the latest drivers installed on all your devices?

Do you download firmware, updates, patches, and upgrades only from validated sources?

Do all purchased devices

Do you purchase your equipment only from authorized resellers?

• Network Security

Common weak spots of any IT infrastructure are firewalls, routers, switches, and so on. These features are the least maintained and generally forgotten. Ensure that you have strong passwords, set up two-way authentication, and use secure routing protocols - to name a few.

Risk Assessment

Now that the IT Security Checklist is complete, the next step is to conduct a risk assessment by using the formula:

Risk = Impact x Likelihood

By identifying the risk numerically, 0 being “no impact or likelihood” and 5 being “likely to occur”, you can objectively understand the full risk of security breaches on your checklist.

Define Security Goals

Now, you have the knowledge and data to define what type of security you need to protect your business. If you need a frame of reference, check into the current trends in your industry, compliance codes and regulations, and the best IT practices and trends.

Baseline Security Checklist

This is it - you now have all the information you need to maintain your IT security. Complete an audit every six months or a year; it will mitigate cyber-attacks on your electronic security systems. Any new adoption of technological processes or devices that the checklist will need to be updated.

Muskwa Computer Sciences is here to make IT better. We are ready to help you with a security consultation and create a solution to prevent you and your clients from being hacked. Leave IT to the experts so that you can continue doing what you do best!

For full security services, visit us online and contact us to get a consultation.