- Do you align your cybersecurity initiatives with a known framework? (e.g. NIST Cybersecurity Framework, ISO/IEC 27001 Information Security Management System, Payment Card Industry Data Security Standard)
- Does senior management have oversight of the cybersecurity posture and improvement activities?
- Do you have documented cybersecurity-related policies that are distributed to all staff members?
- Do you use a documented password policy and tools to encourage responsible password practices and enforce the minimum password requirements?
- Do you require multi-factor authentication for users accessing important data repositories, regardless of where the data is stored?
- Do you patch security vulnerabilities in IT systems assessed as high risk within 14 days?
- Do you have documented business continuity plans, disaster recovery plans and incident management plans that are regularly reviewed and updated?
- Do you provide social engineering, fraud and phishing-related security training to all staff members?
- Are your firewalls and security software set up with an intrusion prevention system, an intrusion detection system and data loss policies?
- Do you back up all critical systems and files to a secondary storage environment at least weekly?
Thanks to our friends at Blue Appache for their assistance in putting the questions together. We recommend that all businesses obtain a cyber audit to protect their most precious asset: their data.