At TekResults we take our clients’ security very seriously. For our preventative maintenance clients, we check many of the items on the following list every quarter, although there are some items that need to be checked by the management and fall outside the IT scope.
If you are not a PM client, we would still be happy to visit your business and assess your IT security. Here are some of the things every business should be aware of.
PHYSICAL SECURITY: Are buildings, paper records, and sensitive IT resources (e.g., computer and network equipment, storage media, wiring closets) properly secured from unauthorized access, tampering, damage, and/or theft by an intruder with malicious intent? Are laptops, portable media, cell phones, tablets, etc. secure? If they are not, is the data on them encrypted?
INTERNET SECURITY: Are all connections to the Internet and other external networks properly documented, authorized, and protected by firewalls, intrusion detection systems, and virtual private networks (or other forms of encrypted communication)?
POLICY: Has management provided the necessary leadership and reduced liability by issuing information security policies, operating procedures, and associated responsibility statements?
EMPLOYEE ACKNOWLEDGEMENT: Are all employees and contractors required to provide written acknowledgement of their understanding and acceptance of the organization's information security policies?
CONFIDENTIALITY AGREEMENTS: Is the execution of properly signed confidentiality agreements verified before proprietary and/or sensitive information is disclosed, in any form, to individuals outside the organization?
ANTI-VIRUS: Are all computer systems protected with up-to-date anti-virus software and other defenses against malicious software attacks?
REMOTE ACCESS: Are modem and wireless access point connections known, authorized, and properly secured?
PASSWORDS: Have all vendor-supplied default passwords, or similar "published" access codes, for all installed operating systems, database management systems, network devices, application packages, and any other commercially produced IT products been changed or disabled?
SOFTWARE PATCHES: Are security-sensitive software patches, including the removal of unnecessary sample application software, promptly applied to systems that are accessible to users outside of the organization?
DATA PROTECTION: Is sensitive, valuable information properly protected from unauthorized access, including on Windows network file shares and on undocumented (desktop) Web and FTP servers? Is it physically secure at all times?
AUDITS AND VULNERABILITY TESTING: Are all computers and network devices (e.g., routers and switches) within your organization regularly tested for exploitable vulnerabilities and for any unauthorized (or illegally copied!) software?