Cybersecurity Planning for Company Leaders and Their IT Team

Cybersecurity Isn't Just an IT Responsibility

The reality is technology has become increasingly complex. You just can’t see and touch it. The skills required to keep the wheels moving, to ensure that the parts serve your company and your customers have become more specialized.

Company leaders depend on their trusted IT employees and outsourced providers to understand, anticipate, and deliver the right services. The cybersecurity landscape has significantly changed who and how these services and support are delivered. Company leaders are too often left wondering if they have the right people, tools, and guardrails in place to meet today’s needs.

Cybersecurity Protection Action Items

Control. The cybersecurity controls listed in this checklist are by no means all-inclusive. Every company is different, and the controls you decide to implement should be appropriate for you, your employees, and your customers.

Top . We recommend every company, regardless of size, implement these essential protections. This is based on continuous research, monitoring, and awareness of cyber activity occurring.

Internal IT .Your IT team is your first point of contact for day-to-day implementation and support.

3rd Party and Recurring Revenue.Quite a few of the ongoing services will be provided by established third parties. These are companies with specialized services you will add to your technology framework.

One-Time Expense .Many of the controls will be implemented one time by your IT team and then regularly monitored for compliance. If these involve an outside partner, it will be indicated here.

Control C-Suite Internal IT 3rd Party One-Time Expense Recurring Expense Top
Automate all operating system updates and security patches on all company devices
Review all user accounts for access privileges and disable all inactive accounts
Implement advanced endpoint security on all desktops, laptops, and servers
Implement web filtering to block all malicious and inappropriate websites
Disable user ability to change desktop, laptop, mobile device security settings
Implement multi-factor authentication (MFA) for remote network access, web mail, all cloud applications, and admin user accounts
Disable Remote Desktop Protocol (RDP) for external user network access
Regularly perform full and incremental backups with local and offline remote storage
Ensure all backups are infection-free
Implement offline air-gapped backups and test regularly
Ensure all user accounts are created with least privilege and do not operate as local administrator
Implement and monitor a shadow IT policy
Implement and manage a user-owned device policy
Implement a formal employee onboarding program that includes security awareness training and review of all company technology policies
Implement a standardized new equipment deployment procedures
Implement a standardized equipment decommissioning and destruction procedure
Conduct a review of all third-party applications and software for security risks, patch management, access to company data
Conduct a review of all third-party providers' access to company network, devices, and data
Implement an Incident Response Plan
Implement a Disaster Recovery and Business Continuity plan

You Might Also Find This eBook Helpful

If you have an outsourced IT provider, such as an MSP or MSSP, they should be actively involved in your plan. We recommend you grab a copy of the free How to Have a Comfortable Cybersecurity Conversation with Your Technology Team and the Who Does What Matrix.

Sometimes You Just Need Someone to Listen

If you're ready to start your company's cybersecurity plan or if you just have questions about your current program, we're here to help.