
Cyber Security Checklist

The topic of cyber security covers many actions that, together, help to deter hackers and protect against viruses and other potential risks to the networked enterprise. This handout provides security tips, developed by the Department of Homeland Security, to assist business managers in assessing and improving their cyber security plans and procedures.

Management

The key to effectively managing cyber security is to demonstrate top-level executive support. Questions for management include:

Have you created security policies to match the size and culture of your business?
Are security policies written, enforced, and kept updated?
Have you established a computer software and hardware asset inventory list?
Have you classified data by its usage and sensitivity?
Have you established ownership of all data?

Information Technology Staff

IT personnel are on the front line when it comes to cyber security and are responsible for some key activities. Questions for IT staff include:

Are you maintaining configuration management through security policy implementation and systems hardening?
Are you maintaining software patch management on all systems by following a regular schedule for applying patches for operating systems, specific software, and anti-virus updates?
Are you maintaining operational management through the reviewing of all log files, ensuring system backups with periodic data restores (data restores should not be done unless a problem corrupted the live data), and reporting any known issues or risks?
Are you performing security testing through security audits and penetration scanning?
Are you ensuring physical security of systems and facilities?
Do you ensure users have anti-virus software loaded and active on systems?

End Users

Some of the key activities that end users should address include:

Is anti-virus software loaded and active on computers?
Do you delete, without opening, e-mails from unknown sources?
Do you back up data on a regular basis?
Do you utilize strong, difficult-to-compromise passwords?
Do you download and apply security patches?
Do you disconnect your computer from the Internet when not in use?
Do you restrict access to systems to authorized users only?
Are you suspicious of unsolicited contact from individuals seeking internal organizational data or personal information?
Do you verify a request’s authenticity by contacting the requesting entity or company directly?

Business Continuity

To ensure continuity of business, proactive security measures must be taken and be part of daily operations. Questions to ask include:

Do you have an emergency response plan?
Have you systematically evaluated all of the potential sources of disruption to your business?
Do you have an active program to reduce the likelihood of a disruption?
If you could not re-enter the workplace because of an emergency, do you have a pre-determined location to meet to coordinate recovery operations?
Do you maintain a current list of employees, customers, and suppliers at an off-site location?
Have you met with local emergency response groups to discuss their role in maintaining the business?
If you lost a critical system, do you have a pre-determined plan to restore the system?
Do you have an established business resumption team?
Is your business resumption plan securely stored in a remote location?
Do you periodically test your business resumption plan along with your site emergency response plan?

Copyright ©2012, ISO Services, Inc.
The recommendation(s), advice and contents of this material are provided for informational purposes only and do not purport to address every possible legal obligation, hazard, code violation, loss potential or exception to good practice. The Hanover Insurance Company and its affiliates and subsidiaries (“The Hanover”) specifically disclaim any warranty or representation that acceptance of any recommendations or advice contained herein will make any premises, property or operation safe or in compliance with any law or regulation. Under no circumstances should this material or your acceptance of any recommendations or advice contained herein be construed as establishing the existence or availability of any insurance coverage with The Hanover. By providing this information to you, The Hanover does not assume (and specifically disclaims) any duty, undertaking or responsibility to you. The decision to accept or implement any recommendation(s) or advice contained in this material must be made by you.
Lc 10-182H