Article

Cybersecurity checklist

The importance of cyber security

It is vital that your company’s computer system is safe and protected from unauthorized users and hackers.  Unprotected computer systems and networks can result in loss of essential data, customer information and important financial data.

It is important to continuously explore how your business is truly protected from impostors or hackers that are looking to steal critical information or to install a computer virus into your system and network. Consider the tips below:

Use strong passwords

  • Each authorized user must have their own password. Do not allow “community” passwords for commonly accessed programs or systems by multiple users.
  • Require users to change their passwords frequently.
  • Strong passwords are usually at least six characters and a combination of letters that are upper and lower case, numbers, and symbols (@, #, $, %, etc.)

Back up critical data

  • To prevent data loss, it is essential to conduct regular backups of your company’s data.
  • The most common types of backups are full and incremental.
  • Full backups are the most basic and will copy all data.
  • Incremental backups refer to only backing up files or data that have changed since the last full backup.
  • Routine checks or audits of backups should be conducted to verify integrity of the data.

Use virus protection software

  • Use virus protection software from a reliable source and reputable company.
  • Update the virus protection software daily for any new updates.
  • Set automated scans in the virus protection software program to routinely scan your computer.

Install firewalls

  • Firewalls are divisions between a private network and an outside network, such as the internet, that manages traffic passing between the two networks. 
  • Access points can be setup through firewalls to help limit access to sensitive areas, such as financial information, proprietary information, etc.

Avoid unnecessary connections

  • Require authorized users to log-off whenever they are away from their desks. Set an automated time-out to log them off the computer, requiring them to log back in when they return to their desks.
  • Power down computers when they are not expected to be in use for longer periods of time. 

Monitor emails

  • Be wary of unknown emails, especially those with unusual email addresses or names.
  • Do not open emails with spelling or grammatical errors in the subject line.
  • Do not open any attachments in emails from someone you do not know.
  • Verify the authenticity of the email if it seems legitimate and they are asking for sensitive data, a transfer of financial information, etc. Simply pick up the phone and call the sender to verify the email originated from them.

Keep software and operating systems current

  • Routine updates of software and operating systems helps assure “patches” for software vulnerabilities are appropriately installed to minimize a data breach.

Screen employees and others allowed access

  • All newly hired employees should undergo background checks with references from prior employers.
  • Background screening should also include a detailed criminal history check and to see if there are any serious issues with a prospective employee candidate’s credit history.
  • Immediately terminate access for employees who leave the company or are fired.
  • Screen contractors who may be provided temporary access. Try to limit the information and data that they may access. Also, immediately terminate their authorization once they have completed the project where their access was necessary.

This material is provided for informational purposes only and does not provide any coverage or guarantee loss prevention. The examples in this material are provided as hypothetical and for illustration purposes only. The Hanover Insurance Company and its affiliates and subsidiaries (“The Hanover”) specifically disclaim any warranty or representation that acceptance of any recommendations contained herein will make any premises, or operation safe or in compliance with any law or regulation. By providing this information to you, The Hanover does not assume (and specifically disclaims) any duty, undertaking or responsibility to you. The decision to accept or implement any recommendation(s) or advice contained in this material must be made by you.

LC 2022-226