The change of seasons offers a good time to take a look at your security posture -- and especially any vulnerabilities that may have cropped up.The rapidly approaching first day of spring (no matter what it looks like outside your window at the moment), offers one of those seasonal markers that can be helpful in scheduling regular, ongoing security review.
A Top 10 List Of Items for review as the seasons change would include:
- All antivirus and other security progress fully updated, with auto-updates set to keep them so.
- All software fully patched, with procedures in place for ensuring that patches and updates remain current.
- All antivirus and related programs fully licensed and paid-to-date; if using Security as a Service, review provider agreements. More subjectively, review your satisfaction with your SaaS provider. This is a good point to review your security budget as well.
- Insist on password change for all employees, with strong passwords required.
- Review all employee e-mail accounts and log-ins for appropriateness (which employees need access to which information?), as well as ensuring that departed employees' accounts have been closed.
- Tighten perimeter defenses, changing router passwords, and ensuring that router is also up-to-date and effective.
- Review employee usage policies with employees, reminding them that policies are to be followed scrupulously.
- Audit all mobile devices that employees use for business purposes, ensuring that business information is only stored on mobile devices that are secure, and even then, only when absolutely necessary.
- Test backup and recovery plans and procedures to ensure that you're ready tor recover quickly should a disaster strike.
- Don't neglect physical security -- are all doors and windows equipped with strong locks and alarm systems? Does your facility include smoke and other detectors? Do business papers only hit the trash after being shredded?
You've undoubtedly got a number of other items that would fit nicely on such a checklist, some of them specific to your business and its operations and practices. Add them and start working through the list.
Taking advantage of the change of seasons to also check -- and, where needed, change -- your security profile, posture and practices gives you a four-time a year improvement of the odds that your business not only is secure, but also that it will stay secure.