Workplaces should be secured with a firewall. The firewall built into a modem/router supplied by your Internet Service Provider (ISP) has very basic functionality and provides minimal protection.
A modern firewall will have security software built in that is updated by the manufacturer daily if the device has an active subscription. This software is often responsible for the real “secret sauce” of threat detection.
Does your firewall have an active security subscription?
Firmware is a type of software that tells a piece of hardware how to work! Firmware is regularly updated by manufacturers to improve performance and sometimes fix critical security flaws.
Is all your network hardware regularly updated with the latest firmware updates?
Good-quality anti-malware software is an essential part of a multi-layered IT security defence setup. “Free” software is almost always not licensed for business use, and it will have reduced functionality and little or no support.
Do all your computers (desktops and laptops) have anti-malware software licensed for business use?
Although most cloud services (e.g. Microsoft 365) are incredibly robust, they usually make it clear that it is your responsibility to ensure your data is safe.
Is all your online/cloud data (including email) backed up to a third party provider?
If an online service is only secured with a username and password, it can be very easy for a malicious actor to access. Multi-factor authentication is easy to implement on all reputable cloud services and should be considered mandatory.
Is Multi-Factor Authentication (MFA/2FA) activated on all your cloud/online services, including email accounts?
Vulnerabilities in software are a very common route for cyber attacks. Software developers are good at releasing updates to correct these vulnerabilities, but they are not always applied automatically.
Are operating systems and core software on all your devices (laptops, desktops and mobile devices) updated regularly?
There comes a point where manufacturers and developers stop updating and patching their products and you must ensure that you are not using such products.
Do you ensure that all end-of-life hardware and software in your organisation is removed or upgraded?
If a computer is stolen, data on unencrypted drives can be very easily accessed. Consider the risk to your organisation if this data included personal, financial or commercially sensitive data.
Do you encrypt the hard drives on all your devices?
Remote wipe is an additional measure, or an alternative for devices that do not support drive encryption (for example, mobile phones and tablets), which will enable you to remotely wipe a lost or stolen device of sensitive data.
Are you able to remotely wipe company devices that are lost or stolen?
Remote workers have significantly less protection when working outside of the office. You should implement tools such as software-based DNS security which help block employees from accessing malicious websites wherever they work.
Do you have any security solutions in place to help protect remote workers?
Email is one of the most common methods used to carry out cyber-attacks. You must invest in an email security solution which protects against phishing, malware, spam, and malicious links.
Do you have a dedicated email security solution filtering all inbound emails?
It is important to have an experienced cyber security professional assess your organisation at least once per year to identify risks and recommend solutions to mitigate them. Risks should be reviewed at board level.
Do you have a formal risk management program, with an IT risk assessment conducted at least once a year?
Human error is the single biggest cyber security risk in your organisation. It is fundamental that your staff know how to safely use IT systems both inside and outside of the office. A policy alone is not sufficient.
Do you train your staff to ensure they know how to use your systems safely and spot signs of a cyber-attack?
Vulnerability scanners help identify weaknesses in your IT systems which could be exploited by a cyber criminal to attack your systems and steal your data.
Do you use third party tools or providers to carry out vulnerability scanning on your systems?
Systems like Microsoft Endpoint Manager and Azure Active Directory are low-cost, cloud-based, serverless solutions which allow you to centrally control configuration and security settings for users and devices and help keep them secure.
Do you have systems in place to centrally manage the settings on your computers?
It is important that you have clearly defined processes detailing how different types of access request should be raised, managed, and approved. For example, you could maintain checklists for processing starters and leavers.
Do you have formal access control procedures in place for managing the provision of new user accounts & leavers?
Employees should only have the minimum required level of access to your systems to do their job. You can typically use security groups and RBAC (role-based access control) to help manage this.
Do you have granular access in place across your systems, with all access denied by default?