IT Security Preparedness Checklist


Dennis Snider




Many of us worry about hackers gaining access to our systems, but most security breaches are actually caused by employees. Generally, this is not deliberate; an employee might accidentally release confidential information, forget to close screens displaying financial details, or accidentally delete vital files.

Up to 80% of SMEs admit that they have had problems with employee breaches of security in the last 12 months, frequently related to the accidental download of malware. The majority of business owners know about the need to keep their technology secure, but many don’t do anything until a major incident occurs, and then they have to shut the stable door after the horse has bolted. By following the checklist below, SMEs can make themselves much more secure.

Security policy: have you got a clearly stated IT security policy, a privacy policy, guidelines on passwords etc., and confidentiality agreements with your vendors and contractors? Is this all clearly explained to staff?

Secure desktops: is there up-to-date antivirus software on all your computers? Are there security policies concerning the download and installation of new software? Do you insist on passwords being at least eight characters long and being changed every 90 days? Do you have a procedure for regularly updating operating systems and applying all necessary security patches?

Data backup: is all your essential data (i.e., everything you need for daily procedures – this includes customer information) stored on a central server and is it backed up to a remote or cloud server every night? Is your important but nonessential data (i.e., data that isn’t in constant use) stored on a central server and backed up at regular intervals?

Internet/network security: is every web connection protected with firewalls and intrusion detectors? Do you access the web remotely via virtual private networks? Are you aware of every external access point in your system, and do they all have sufficient security?

Privacy/sensitive information: do you encrypt your customers’ financial information and is it only available to employees who must have access? Do you keep all your paper files under lock and key and do you know who has access to them?

Auditing: do you undertake regular audits of the security elements mentioned above at least once every six months?
