The reality is technology has become increasingly complex. You just can’t see and touch it. The skills required to keep the wheels moving, to ensure that the parts serve your company and your customers have become more specialized.
Company leaders depend on their trusted IT employees and outsourced providers to understand, anticipate, and deliver the right services. The cybersecurity landscape has significantly changed who and how these services and support are delivered. Company leaders are too often left wondering if they have the right people, tools, and guardrails in place to meet today’s needs.
Control. The cybersecurity controls listed in this checklist are by no means all-inclusive. Every company is different, and the controls you decide to implement should be appropriate for you, your employees, and your customers.
|Control||C-Suite||Internal IT||3rd Party||One-Time Expense||Recurring Expense||Top|
|Automate all operating system updates and security patches on all company devices|
|Review all user accounts for access privileges and disable all inactive accounts|
|Implement advanced endpoint security on all desktops, laptops, and servers|
|Implement web filtering to block all malicious and inappropriate websites|
|Disable user ability to change desktop, laptop, mobile device security settings|
|Implement multi-factor authentication (MFA) for remote network access, web mail, all cloud applications, and admin user accounts|
|Disable Remote Desktop Protocol (RDP) for external user network access|
|Regularly perform full and incremental backups with local and offline remote storage|
|Ensure all backups are infection-free|
|Implement offline air-gapped backups and test regularly|
|Ensure all user accounts are created with least privilege and do not operate as local administrator|
|Implement and monitor a shadow IT policy|
|Implement and manage a user-owned device policy|
|Implement a formal employee onboarding program that includes security awareness training and review of all company technology policies|
|Implement a standardized new equipment deployment procedures|
|Implement a standardized equipment decommissioning and destruction procedure|
|Conduct a review of all third-party applications and software for security risks, patch management, access to company data|
|Conduct a review of all third-party providers' access to company network, devices, and data|
|Implement an Incident Response Plan|
|Implement a Disaster Recovery and Business Continuity plan|