Cybersecurity Planning for Company Leaders and Their IT Team

Cybersecurity Isn't Just an IT Responsibility

The reality is that technology has become increasingly complex, and most of it can no longer be seen or touched. The skills required to keep the wheels turning, and to ensure that every part serves your company and your customers, have become more specialized.


Company leaders depend on their trusted IT employees and outsourced providers to understand, anticipate, and deliver the right services. The cybersecurity landscape has significantly changed who delivers these services and support, and how they are delivered. Company leaders are too often left wondering whether they have the right people, tools, and guardrails in place to meet today's needs.

Cybersecurity Protection Action Items



Control. The cybersecurity controls listed in this checklist are by no means all-inclusive. Every company is different, and the controls you decide to implement should be appropriate for your company, your employees, and your customers.


Top. We recommend that every company, regardless of size, implement these essential protections. This recommendation is based on continuous research, monitoring, and awareness of current cyber activity.

Internal IT. Your IT team is your first point of contact for day-to-day implementation and support.

3rd Party and Recurring Expense. Quite a few of the ongoing services will be provided by established third parties: companies with specialized services that you add to your technology framework, usually for a recurring fee.

One-Time Expense. Many of the controls will be implemented once by your IT team and then regularly monitored for compliance. If a control involves an outside partner, that is indicated here.




Control | C-Suite | Internal IT | 3rd Party | One-Time Expense | Recurring Expense | Top
Automate all operating system updates and security patches on all company devices
Review all user accounts for access privileges and disable all inactive accounts
Implement advanced endpoint security on all desktops, laptops, and servers
Implement web filtering to block all malicious and inappropriate websites
Disable user ability to change desktop, laptop, mobile device security settings
Implement multi-factor authentication (MFA) for remote network access, web mail, all cloud applications, and admin user accounts
Disable Remote Desktop Protocol (RDP) for external user network access
Regularly perform full and incremental backups with local and offline remote storage
Ensure all backups are infection-free
Implement offline air-gapped backups and test regularly
Ensure all user accounts are created with least privilege and do not operate as local administrator
Implement and monitor a shadow IT policy
Implement and manage a user-owned device policy
Implement a formal employee onboarding program that includes security awareness training and review of all company technology policies
Implement a standardized new equipment deployment procedure
Implement a standardized equipment decommissioning and destruction procedure
Conduct a review of all third-party applications and software for security risks, patch management, and access to company data
Conduct a review of all third-party providers' access to company network, devices, and data
Implement an Incident Response Plan
Implement a Disaster Recovery and Business Continuity plan
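Three of the controls above (review accounts and disable inactive ones, create accounts with least privilege and no local administrator rights, and require MFA on remote access and admin accounts) can be checked together in a periodic access review. The script below is an added example, not part of the original checklist and not tied to any particular directory product: it runs the three rules over a constructed account inventory of the kind you would export from your directory or identity provider. The 90-day inactivity threshold and the account fields are assumptions; substitute the values your own policy states.

```python
"""Access review helper for three checklist controls: inactive accounts,
local administrator rights, and MFA on remote/admin access.
Added example with constructed sample data; not part of the original checklist."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

INACTIVE_AFTER_DAYS = 90  # assumed threshold; use the one your policy states


@dataclass
class Account:
    name: str
    enabled: bool
    last_logon: Optional[date]  # None means the account has never logged on
    local_admin: bool           # member of a device's local Administrators group
    is_admin_role: bool         # holds a directory or cloud admin role
    remote_access: bool         # has VPN, webmail, or cloud application access
    mfa_enrolled: bool


# Constructed sample inventory (not real data), shaped like a directory export.
REVIEW_DATE = date(2024, 6, 1)
SAMPLE = [
    Account("j.doe", True, date(2024, 5, 30), False, False, True, True),
    Account("contractor1", True, date(2023, 11, 2), False, False, True, True),  # stale
    Account("svc_backup", True, None, True, False, False, False),   # never used, local admin
    Account("a.smith", True, date(2024, 5, 29), True, False, True, True),  # daily user as admin
    Account("it-admin", True, date(2024, 5, 31), False, True, True, False),  # admin without MFA
    Account("old-temp", False, date(2022, 1, 5), False, False, False, False),  # already disabled
]


def review_accounts(accounts: List[Account], today: date = REVIEW_DATE,
                    inactive_days: int = INACTIVE_AFTER_DAYS) -> Dict[str, List[str]]:
    """Return {account_name: [findings]} for enabled accounts that break a rule.

    Disabled accounts are skipped: the inactive-account control has already
    been applied to them, and they cannot log on with or without MFA.
    """
    cutoff = today - timedelta(days=inactive_days)
    findings: Dict[str, List[str]] = {}
    for acct in accounts:
        if not acct.enabled:
            continue
        issues = []
        # Control: disable inactive accounts (never-used accounts count as inactive)
        if acct.last_logon is None or acct.last_logon < cutoff:
            issues.append("inactive: disable the account")
        # Control: least privilege, no day-to-day local administrator rights
        if acct.local_admin:
            issues.append("local administrator: remove from the Administrators group")
        # Control: MFA for remote access and for all admin accounts
        if (acct.remote_access or acct.is_admin_role) and not acct.mfa_enrolled:
            issues.append("no MFA on remote or admin access: enforce enrollment")
        if issues:
            findings[acct.name] = issues
    return findings


if __name__ == "__main__":
    for name, issues in review_accounts(SAMPLE).items():
        print(name)
        for issue in issues:
            print("  -", issue)
```

Run against the sample, the review flags contractor1 (inactive), svc_backup (never used and a local admin), a.smith (local admin) and it-admin (admin role without MFA), and leaves j.doe and the already-disabled old-temp alone. Feeding it a real export is a matter of mapping your directory's fields onto the Account dataclass; the thresholds and rules are the part the C-Suite should agree to in writing.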



You Might Also Find This eBook Helpful



If you have an outsourced IT provider, such as an MSP or MSSP, they should be actively involved in your plan. We recommend you grab a copy of the free eBook How to Have a Comfortable Cybersecurity Conversation with Your Technology Team and the Who Does What Matrix.

Sometimes You Just Need Someone to Listen



If you're ready to start your company's cybersecurity plan or if you just have questions about your current program, we're here to help.