ENDPOINTS | WHY YOU NEED THIS | THREAT EXAMPLES | ARE YOU PROTECTED? |
---|---|---|---|
Antivirus | Detects and blocks known malware, typically by scanning files on access and on a schedule | A virus or trojan infects a system, corrupts files and potentially steals data | |
Anti-Spyware | Helps protect against unauthorized access to or theft of sensitive data | Spyware secretly monitors user activity and steals personal information | |
EDR (Endpoint Detection and Response) | Records process, file and network activity on each endpoint, flags suspicious behaviour and can isolate a host or kill a process for investigation | Malware that slips past signature-based antivirus is caught by its behaviour, for example a document launching a script interpreter; EDR is an extra detection layer, not a guarantee | |
Encrypted Drives | Full-disk encryption (for example BitLocker) protects data at rest if a device is lost or stolen; it does not protect a running, unlocked machine | Physical theft of a laptop exposes everything on the disk if it is not encrypted | |
Windows Authentication Required for Access | Ensures only authenticated, authorized users can reach systems and sensitive data | Unauthorized users gain access to systems through weak or compromised credentials | |
Critical File Backup | Protects against accidental deletion, hardware failure and cyberattacks; at least one copy should be offline or immutable so ransomware cannot encrypt the backup too. Part of business continuity planning | A ransomware attack encrypts critical files, leaving them unrecoverable without a clean backup | |
Strong User Passwords | Required to prevent unauthorized access to data and accounts | A weak password is easily guessed or cracked, allowing unauthorized access | |
End Users Receive Cyber Training | Educates employees on best practices, helping to prevent compromise of systems and data | Phishing attacks trick users into clicking malicious links or downloading malware | |
Centralized Patch Management | Ensures all devices receive security updates promptly, shrinking the window in which known vulnerabilities can be exploited | Unpatched vulnerabilities are exploited by attackers | |
Application Installs Need to Be Approved | Verifies that only authorized software is in use and prevents potentially malicious software from being installed | Unauthorized or malicious software is installed on systems, posing a security risk | |

INFRASTRUCTURE | WHY YOU NEED THIS | THREAT EXAMPLES | ARE YOU PROTECTED? |
---|---|---|---|
Router Firmware Updated Regularly | Fixes security vulnerabilities in the device and typically includes performance improvements | Outdated firmware contains known vulnerabilities that attackers exploit, often from the internet side | |
Switch Firmware Updated Regularly | Fixes security vulnerabilities in the device and typically includes performance improvements | As with routers, outdated switch firmware can be exploited by anyone with network access | |
Restricted Physical Access to Network Equipment | Prevents tampering or theft that could compromise network security or data | Unauthorized physical access could lead to tampering, rogue devices or theft | |
IDS Present | Monitors network traffic for signs of attack and raises alerts; it observes but does not block | Port scans, exploitation attempts or data exfiltration crossing the network unnoticed; note that a signature-based IDS can miss new or evasive attacks | |
IPS Present | Sits inline and actively blocks traffic that matches known attack patterns rather than only alerting | Exploitation attempts against exposed services; an IPS cannot block an attack it has no signature for, such as a zero-day | |
VPN Access has two-factor authentication and strong passwords | Prevents unauthorized remote access even if a password is stolen | A phished or leaked credential grants full VPN access if MFA is not enforced | |
No Publicly Open RDP Ports | Internet-exposed RDP (TCP 3389) is constantly brute-forced and is a common ransomware entry point; it should be reachable only over the VPN | Publicly exposed RDP is found by routine internet scanning and attacked by credential guessing | |
Firewall is in use | Filters incoming and outgoing network traffic and blocks anything not explicitly allowed | A misconfigured firewall could allow unauthorized access | |
Default Login for Infrastructure Equipment is Changed | Default passwords are published and known to attackers; changing them significantly reduces exposure | Default credentials allow anyone who can reach the management interface to log in | |
Wi-Fi Network is encrypted | Encrypts traffic (WPA2 or WPA3 with a strong passphrase; WEP and open networks give no real protection) so it cannot be read by anyone in radio range | Unencrypted Wi-Fi networks are vulnerable to eavesdropping | |
Guest Network is Segmented from Main Network | Treats guest devices, which you do not manage, as untrusted and keeps them away from internal systems | A compromised guest device is used as a foothold to attack the main network | |
Broadcast SSID for Primary Network has been Disabled | Hiding the SSID removes the name from casual view, but any wireless sniffer still sees it because clients send it in probe requests; treat this as minor hygiene, not access control, and rely on WPA2/WPA3 | Casual discovery of the network name; note that devices configured for a hidden network actively probe for it, which can make them easier to lure onto a look-alike access point | |
Guest Network Default Name has Been Changed | Makes it harder for attackers to identify and target the guest network (for example, do not call it "guest" or leave the vendor default) | Using default names could make the guest network easier to discover | |
Only needed ports are open on firewall | Limits potential entry points; every inbound rule should map to a documented business need | Unnecessary open ports increase the attack surface | |
VoIP Phones all have default web admin passwords changed | Prevents unauthorized access to and control of the phone system | Default credentials allow unauthorized configuration changes such as call forwarding | |

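
As an added illustration of the RDP, firewall and open-ports rows above, the following Python script audits a simplified firewall allow-list for services exposed to the public internet. It is example code written for this checklist, not from any firewall vendor or product: the rule format, the internal address ranges, the approved-port list and the sample rules are all assumptions constructed for the example.

```python
"""Audit a simplified firewall allow-list for services exposed to the public
internet. Added example for this checklist; the rule format is a
simplification, not any vendor's syntax, and all ranges and rules are assumed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str    # "tcp" or "udp"
    port: int
    source: str   # CIDR the rule accepts traffic from


# Assumed internal address space; a source not fully inside these is public.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed business-approved public services: HTTPS and the VPN endpoint.
APPROVED_PUBLIC = {("tcp", 443), ("udp", 1194)}

# Services that must never be reachable from the internet (VPN only).
NEVER_PUBLIC = {("tcp", 3389): "RDP", ("tcp", 445): "SMB",
                ("tcp", 23): "Telnet", ("tcp", 5900): "VNC"}


def exposed_to_public(source: str) -> bool:
    """True if the source CIDR admits any address outside INTERNAL_NETS."""
    net = ipaddress.ip_network(source, strict=False)
    return not any(net.version == internal.version and net.subnet_of(internal)
                   for internal in INTERNAL_NETS)


def audit(rules):
    """Return (severity, rule name, detail) for every rule that exposes a
    forbidden service ("critical") or an unapproved port ("review")."""
    findings = []
    for rule in rules:
        if not exposed_to_public(rule.source):
            continue   # LAN-only rule: not a public-exposure finding
        key = (rule.proto.lower(), rule.port)
        if key in NEVER_PUBLIC:
            findings.append(("critical", rule.name,
                             f"{NEVER_PUBLIC[key]} open to {rule.source}; move it behind the VPN"))
        elif key not in APPROVED_PUBLIC:
            findings.append(("review", rule.name,
                             f"{key[0]}/{key[1]} open to {rule.source} has no documented business need"))
    return findings


# Constructed sample rules, not taken from any real device.
SAMPLE_RULES = [
    Rule("https-in", "tcp", 443, "0.0.0.0/0"),
    Rule("vpn-in", "udp", 1194, "0.0.0.0/0"),
    Rule("rdp-from-lan", "tcp", 3389, "192.168.10.0/24"),   # fine: LAN only
    Rule("rdp-for-vendor", "tcp", 3389, "0.0.0.0/0"),       # the classic ransomware entry point
    Rule("legacy-ftp", "tcp", 21, "0.0.0.0/0"),             # not on the approved list
    Rule("smb-branch", "tcp", 445, "172.20.0.0/16"),        # fine: inside 172.16.0.0/12
]

if __name__ == "__main__":
    for severity, name, detail in audit(SAMPLE_RULES):
        print(f"[{severity}] {name}: {detail}")
```

Run against the sample rules it reports the vendor RDP rule as critical and the FTP rule for review, and says nothing about the LAN-only RDP and SMB rules. Exporting your real ruleset into the same `Rule` shape is the only adaptation needed; the point of the check is that "only needed ports" is testable once the approved list is written down.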
CLIENT DATA / PI DATA PROTECTIONS | WHY YOU NEED THIS | THREAT EXAMPLES | ARE YOU PROTECTED? |
---|---|---|---|
All assets containing or with access to data are inventoried | Identifies where sensitive data lives and which security measures each asset needs; an accurate inventory is also what lets you spot unknown devices on the network | An unknown or unmanaged device with access to data is compromised unnoticed | |
Policy in place for proper disposal of old equipment (hard drives) | Ensures sensitive data is securely erased before disposal; should define wiping, physical destruction and disposal methods | Improper disposal results in data being recovered from discarded drives | |
User access is controlled based on job roles (RBAC) | Grants each role only the access its job needs, preventing unauthorized access, data breaches and misuse of company resources | Overprivileged users could misuse their access to steal or compromise data | |
Local Storage is Encrypted | Protects data at rest against unauthorized access if a device is lost or stolen | Unencrypted local storage is readable by anyone who obtains the device | |
Cloud Storage is Encrypted | Protects against unauthorized access; data is readable only with the decryption keys, so know who holds them (the provider or your organization) | Unencrypted cloud storage could be accessed by unauthorized parties | |
Backup Transmissions are Encrypted | Prevents backup data from being intercepted in transit to the cloud provider | Backup data in transit is intercepted and read if not encrypted | |
Externally Sourced USB Drives Scanned on Insertion | Prevents loading of malicious software by scanning external media on insertion | Malicious files are introduced through infected USB drives | |
Paper Files are Locked | Keeps files safe from unauthorized access | Unauthorized access to physical documents could lead to data breaches | |
Versioning (or shadow copies) Enabled on Server Drives | Allows recovery of earlier versions of files; note that ransomware routinely deletes shadow copies, so this complements rather than replaces offline backups | Data loss or corruption from accidental deletion or system failure | |
Applications containing client PI data are two-factor secured | Prevents unauthorized access even if passwords are compromised; an essential security layer for PI data | A stolen password alone is enough to reach client PI if MFA is absent | |
Passwords are rolled every 90 days | Limits how long a stolen password remains useful; note that current NIST SP 800-63B guidance favours long, unique passwords with MFA and rotation on suspected compromise over fixed expiry, because forced rotation tends to produce predictable variants | A compromised password stays valid until it is changed | |
SOP for departing employees and access termination | Reduces the risk of unauthorized access or breach by a former or disgruntled employee | Accounts left active after departure are used to access data | |
Computers are set to lock if idle | Greatly reduces the risk of someone using an unattended, logged-in session | Unauthorized access to unattended computers | |
Document disposal procedure / process | Ensures sensitive information is destroyed securely, preventing unauthorized access | Sensitive documents recovered from the trash | |
Local admin permissions are disabled | Users run without local administrator rights, which limits what malware running as that user can do and prevents installation of unapproved software | Malware or an intruder gains administrative control of the device | |

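
The asset inventory row in this table only pays off when the inventory is checked against what is actually on the wire. As an added example (not part of the original checklist), the Python script below reconciles the MAC addresses seen in `arp -an` style output against an inventory keyed by MAC and reports both unknown devices and inventoried devices that were not seen. The ARP lines and the inventory are constructed for the example; in practice the snapshot would come from the router, switch or DHCP server.

```python
"""Reconcile devices seen on the network against the asset inventory.
Added example for this checklist; the ARP output and the inventory are
constructed, not taken from a real environment."""
import re

# Matches Linux "arp -an" lines such as
# "? (192.168.10.23) at aa:bb:cc:00:00:23 [ether] on eth0".
ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9A-Fa-f:.-]{12,17}) ")


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form, so AA-BB-CC-00-00-23, aabb.cc00.0023
    and aa:bb:cc:00:00:23 all compare equal."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_arp(text: str) -> dict:
    """Map normalized MAC -> IP for every complete ARP entry."""
    seen = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:   # "<incomplete>" entries carry no MAC and are skipped
            seen[normalize_mac(m["mac"])] = m["ip"]
    return seen


def reconcile(seen: dict, inventory: dict):
    """Return (unknown, missing): devices on the wire that are not in the
    inventory, and inventoried devices that were not seen (a stale record
    or a missing asset; both deserve a follow-up)."""
    unknown = {mac: ip for mac, ip in seen.items() if mac not in inventory}
    missing = {mac: inventory[mac] for mac in inventory if mac not in seen}
    return unknown, missing


# Constructed inventory: MAC -> owner/purpose, stored in canonical form
# regardless of how it was typed in.
INVENTORY = {normalize_mac(mac): desc for mac, desc in {
    "AA:BB:CC:00:00:01": "core-router (IT)",
    "aa-bb-cc-00-00-23": "FINANCE-PC-03 (client PI)",
    "aabb.cc00.0077": "BACKUP-NAS (client PI)",
}.items()}

# Constructed ARP table snapshot.
ARP_SNAPSHOT = """\
? (192.168.10.1) at aa:bb:cc:00:00:01 [ether] on eth0
? (192.168.10.23) at AA:BB:CC:00:00:23 [ether] on eth0
? (192.168.10.40) at aa:bb:cc:00:00:40 [ether] on eth0
? (192.168.10.99) at <incomplete> on eth0
"""

if __name__ == "__main__":
    unknown, missing = reconcile(parse_arp(ARP_SNAPSHOT), INVENTORY)
    for mac, ip in unknown.items():
        print(f"ALERT unknown device {mac} at {ip}: not in inventory")
    for mac, desc in missing.items():
        print(f"NOTE inventoried device {mac} ({desc}) not seen")
```

On the sample data it flags 192.168.10.40 as unknown and notes that the backup NAS was not seen. MAC addresses can be spoofed, so this is a hygiene check that catches unmanaged and forgotten devices, not an authentication control; 802.1X is the control if you need one.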
SECURITY MONITORING | WHY YOU NEED THIS | THREAT EXAMPLES | ARE YOU PROTECTED? |
---|---|---|---|
Failed logon attempt monitoring | Tracks unsuccessful logins across systems to reveal brute-force and password-spraying attacks while they are in progress | Brute-force attacks targeting user accounts | |
Quarterly Penetration Testing | Simulated attacks by a tester to find exploitable weaknesses before a real attacker does | Vulnerabilities in the network infrastructure | |
SOP for reporting slow or suspicious network activity | Gives staff a defined process for reporting potential security incidents | Anomalies indicative of an attack go unreported | |
User account lockout for failed login attempts | Temporarily disables an account after repeated failures, stopping password guessing; set the threshold so that guessing stops without letting an attacker lock everyone out, and remember that lockout does not stop password spraying (a few attempts per account across many accounts), which failed-logon monitoring must catch | Brute-force attacks targeting user accounts | |
Alerts for new or unknown network devices | Notifies when a device not in the inventory connects, so unauthorized devices are found quickly | Unauthorized devices connected to the network | |

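
The failed-logon and lockout rows above are two sides of one detection. As an added example (not part of the original checklist), the Python script below runs both over failed-logon records: a per-account sliding window that locks an account after a burst of failures, and a per-source window that catches password spraying, where each account sees too few failures to trip the lockout. The log lines are constructed and their format is a simplification of the fields in Windows Security event 4625; the thresholds are assumptions.

```python
"""Detect brute force (many failures on one account) and password spraying
(one source, a few failures each across many accounts) in failed-logon
records, and apply an account lockout once the threshold is hit.
Added example for this checklist; the log lines are constructed and the
line format is a simplification of the fields in Windows Security event 4625."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE = re.compile(r"^(?P<ts>\S+) EventID=(?P<id>\d+) Account=(?P<acct>\S+) Source=(?P<src>\S+)$")


def parse(text: str):
    """Return (timestamp, event id, account, source) tuples; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), int(m["id"]),
                           m["acct"].lower(), m["src"]))
    return events


def detect(events, lock_after=5, spray_accounts=5, window=timedelta(minutes=15)):
    """Walk failed logons (event 4625) in time order and return alerts.

    ("lockout", account, source, time): lock_after failures on one account
    inside the window; the account is then locked for one window.
    ("spray", source, [accounts], time): one source failed against
    spray_accounts distinct accounts inside the window, which a per-account
    lockout never triggers on."""
    per_account = defaultdict(deque)   # recent failure times per account
    per_source = defaultdict(deque)    # recent (time, account) per source
    locked_until = {}
    alerts = []
    for ts, event_id, acct, src in sorted(events):
        if event_id != 4625:
            continue
        # Per-account sliding window: brute force and lockout.
        q = per_account[acct]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= lock_after and locked_until.get(acct, ts) <= ts:
            locked_until[acct] = ts + window
            alerts.append(("lockout", acct, src, ts))
            q.clear()
        # Per-source sliding window: many distinct accounts means spraying.
        s = per_source[src]
        s.append((ts, acct))
        while ts - s[0][0] > window:
            s.popleft()
        targets = sorted({a for _, a in s})
        if len(targets) >= spray_accounts:
            alerts.append(("spray", src, targets, ts))
            s.clear()
    return alerts


# Constructed log excerpt: one brute-force burst, one spray, one success
# (event 4624, ignored) and one harmless isolated failure.
LOG = """\
2024-05-01T08:00:01 EventID=4625 Account=jsmith Source=203.0.113.7
2024-05-01T08:00:09 EventID=4625 Account=jsmith Source=203.0.113.7
2024-05-01T08:00:17 EventID=4625 Account=jsmith Source=203.0.113.7
2024-05-01T08:00:26 EventID=4625 Account=jsmith Source=203.0.113.7
2024-05-01T08:00:33 EventID=4624 Account=mlee Source=10.0.0.12
2024-05-01T08:00:41 EventID=4625 Account=jsmith Source=203.0.113.7
2024-05-01T09:00:00 EventID=4625 Account=alice Source=198.51.100.9
2024-05-01T09:02:00 EventID=4625 Account=bob Source=198.51.100.9
2024-05-01T09:04:00 EventID=4625 Account=carol Source=198.51.100.9
2024-05-01T09:06:00 EventID=4625 Account=dave Source=198.51.100.9
2024-05-01T09:08:00 EventID=4625 Account=erin Source=198.51.100.9
2024-05-01T10:30:00 EventID=4625 Account=bob Source=10.0.0.5
"""

if __name__ == "__main__":
    for alert in detect(parse(LOG)):
        print(alert)
```

On the sample data the jsmith burst produces a lockout at the fifth failure, and the 198.51.100.9 source produces a spray alert after hitting five different accounts once each, which the lockout rule alone would never see. The lone failure by bob at 10:30 is outside the window and stays silent.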
PHISHING PREVENTION | WHY YOU NEED THIS | THREAT EXAMPLES | ARE YOU PROTECTED? |
---|---|---|---|
Suspicious Email Reporting SOP | Gives employees a clear process for reporting suspected phishing so the message can be blocked for everyone before others click | Phishing or malicious emails | |
Email secured with 2FA | Prevents unauthorized access even if passwords are compromised | Unauthorized access to email accounts | |
PI data is only sent via encrypted email or file share utility | Prevents interception of PI data in transit | Sensitive data intercepted during transmission | |
End user training about suspicious emails and link checking | Crucial security measure that helps protect the organization from breaches | Users failing to recognize a phishing email or a disguised link | |
No personal emails are intermingled with business (acceptable use policy) | Reduces the risk of accidental disclosure or compromise of data | Business data leaking through a personal account the company cannot secure | |
Attachments scanned on opening | Identifies and blocks harmful files, protecting systems and data from infection | Malicious attachments | |
All bank transfers or wires must be verified verbally or in writing (preferred), using contact details already on file rather than those in the request | Reduces the risk of unauthorized funds transfers and exposes man-in-the-middle or compromised-account (business email compromise) fraud | An attacker impersonating an executive or vendor redirects a payment | |
Phishing simulation program in place | Trains employees to recognize and avoid phishing in a controlled setting | Users who have never seen a realistic phish fall for the real one | |

SECURITY POLICIES AND DOCUMENTATION | WHY YOU NEED THIS | THREAT EXAMPLES | ARE YOU PROTECTED? |
---|---|---|---|
Acceptable Use Policy | Establishes guidelines for employee behavior and protects company resources | Unauthorized or inappropriate use of company resources. | |
Physical Document Destruction Policy | Ensures sensitive data on paper is destroyed securely | Sensitive information on paper documents falling into the wrong hands. | |
Equipment/Hard Drive Destruction Policy | Ensures sensitive data on retired equipment is destroyed securely | Sensitive data being leaked from discarded equipment. | |
Remote Worker Computer Policy | Ensures secure and compliant use of devices by remote employees | Data breaches or security risks associated with remote work. | |
Incident Reporting Policy | Provides structure for employees to report breaches, enabling quick mitigation | Incidents going unreported until the damage is done. | |
Business Continuity Plan | Outlines procedures for continued operations in the event of a disruption | Disruption of operations due to disasters or security incidents. | |
Data Backup and Recovery Procedure / Policy | Establishes guidelines for regularly backing up critical data and restoring it after an incident | Data loss due to accidental deletion, hardware failures, or cyberattacks. | |
Infrastructure Documentation (lists all servers, network equipment and purpose) | Enables efficient management, troubleshooting and maintenance of hardware and software | Lack of visibility into network infrastructure, making it difficult to identify vulnerabilities or respond to incidents. | |
Electronic Records Destruction Policy | Ensures compliance with legal and regulatory requirements, preventing unauthorized access to sensitive information | Sensitive electronic data being retained longer than necessary, increasing the risk of exposure. | |
Employee Termination Policy | Provides guidelines for handling employee terminations, ensuring smooth transitions and protection of company assets | Unauthorized access to company resources after an employee's departure. | |
Employee Onboarding Policy | Procedures for welcoming new employees, including training, resources and cultural integration | Lack of proper training and access controls for new employees. | |
VPN Access Policy | Establishes guidelines for accessing company networks remotely, ensuring controlled access and data protection | Unauthorized access to company networks through VPN connections. | |
Password Policy | Establishes guidelines for creating and managing strong, secure passwords, protecting accounts from unauthorized access | Weak or compromised passwords leading to unauthorized access. | |
Network Monitoring Policy | Policy for identifying potential network threats and ensuring network performance and reliability | Failure to detect and respond to suspicious network activity. | |
Support Request Policy | Establishes guidelines for submitting and handling support requests | Inefficient or inconsistent support processes, leading to delays in resolving issues. | |