Riverlite

Cyber Security Audit Checklist

Protection of data is vital to any business's reputation and financial security.

Malicious attacks on internet connected systems, computers, servers, networks and mobile devices are growing in frequency and type of threat; from attacking systems to attacking people in businesses.
There have been a number of high-profile cyber attacks recently, including the recent Blackbaud ransomware attack on 30 UK charities.

We at Riverlite have identified 10 key cyber security questions that you need to ask your business, based on the core lessons we have learned from working in the cyber security environment since 2008.

Answering this checklist of questions can help you start to audit and improve your cyber security.

A comprehensive cyber security strategy, implemented and maintained following best practice, will provide your business with ongoing peace of mind.

1. Do you use mitigation and preventative cyber security measures in your business?

  • Mitigation - This approach was acceptable in the past but, in an era when cyber attacks are escalating in volume, frequency and severity, a mitigation-only approach can be extremely costly
  • Don't know? - You should be using a combination of preventative managed network solutions alongside regularly maintained firewalls as your mitigating layer
  • Preventative solutions - Dedicated managed network solutions such as Riverlite Ensure monitor your network and are more cost-effective in the long term

Thames Hospice use network security monitoring to protect their patients' data
Find out more about Hospice IT Services

2. Has your business adopted a cyber security standard?

While it is important for any organisation to adopt a cybersecurity standard, just checking all of the boxes will not make you secure.

While well-intentioned, the wide variety of standards can be quite confusing to the organisations that need them the most.

There is no standard or guideline that will ensure you are secure, even if you can honestly tick off all the boxes.

If you meet all of the requirements of a particular standard, and don't consider how they uniquely apply to your organisation, you will end up with full compliance, but mediocre security.

"There is no standard or guideline that will ensure you are secure, even if you can honestly tick off all the boxes."

3. Do you carry out regular audits and IT health checks on your business?

It is important to understand your risk landscape. These are the questions you should be asking:
  • What is vulnerable?
  • What is my greatest risk?
  • How am I managing my devices and hardware?
  • Who has access to what?

4. Does your business carry out external penetration testing?

This is not always necessary, but where a higher level of security is required for your business service, and for ultimate peace of mind, Managed Service Providers like Riverlite manage the engagement of third-party experts who can carry out the most comprehensive security testing. This includes:

  • Infrastructure testing
  • Social engineering attacks
  • Red-team testing
  • Full report and advice to enable changes in processes at your business

5. Which of the following peripheral security processes does your business use?

Encryption for devices that leave the office - Encryption is no longer a nice-to-have for devices that leave the office; it is included within modern Windows OS and should be configured accordingly.

Periodic auditing of user accounts - Remove any account that should not be there; check who is an admin and verify whether this is actually required. Lock down systems to those who are trusted.

USB drive encryption - Consider blocking access to removable devices such as USB drives that are not encrypted; modern solutions exist that make this easy (Sophos, for example, with whom Riverlite partner).

6. What software security measures does your business use?

All of the elements below are no longer 'nice-to-haves' but essential for good cyber security.

  1. Anti-virus - Most people have anti-virus software installed in their business, but there are many options. Riverlite partner with Sophos, a global leader in network and endpoint security.

  2. Email filtering - This is the processing of incoming messages with anti-spam techniques, but it is important to ask who will manage and monitor it in your business.

  3. Anti-ransomware technology - Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. It is an increasing threat, and so there are now specific software solutions that protect against, track and learn from previous attacks.

  4. Two-factor authentication - Also known as 2FA, this is a method of confirming a user's claimed identity by using something they know (a password) together with a second factor of a different kind: something they have or something they are. Using a phone app authenticator to confirm a login, for example, is a good way of preventing unauthorised logins by someone else who only holds the password.

  5. Phishing tests - Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication. A phishing test is a good way to measure your staff's engagement with security training, and these can be implemented by some managed service providers.

Find out more about Riverlite Phishing protection.

7. Does your business proactively monitor security updates and patches?

Essentially, patches are used to deal with vulnerabilities and security gaps.

The timing of security updates is important. Applying an update too soon carries risk, but delaying it is equally risky.

Are updates (security & anti-virus) actually monitored to confirm successful delivery?

One missed update is all it takes.

Find out more about our Network monitoring solutions

8. What data backup processes does your business have?

A backup strategy document is essential, as the ability to restore from backup is the last line of defence, providing a way to restore original data in the event of a successful cyber attack.

Having multiple backups in multiple locations is an important safety element in the backup process. It is important to know what the Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are for your business.

How often are your backup processes tested?


9. Does your business carry out cyber security training and education?

Hackers have identified that staff are the most vulnerable part of any organisation. According to the latest UK Government cyber security survey the most common type of attacks on businesses are phishing attacks – staff receiving fraudulent emails or being directed to fraudulent websites. 

Because this danger runs across the whole business, it is no longer the sole preserve of the IT department to handle cyber risk on its own. There is also a skills gap in cyber security expertise within businesses, according to a separate UK government report.

This is why it is important to carry out regular cyber security training and education across your business.


10. Are your cyber security processes monitored and regularly adjusted?

  • Never assume that the network is 100% secure

  • Continuously cycling through the four-part cyber security process ensures you keep working to best practice


How well does your business fare with these 10 cyber questions?

Protection of customer and patient data is vital to any business's reputation and financial security. Addressing these questions can help you start to assess and improve your cyber security.


Riverlite Cyber security services

Riverlite cyber security services defend your internet connected systems, computers, servers, networks and mobile devices from malicious attacks.

The damage to your business can be financial, reputational or operational. All of these require time, money and resources to rectify and recover from. As always, prevention is the best cure.

Find out more about our full range of cyber security services