Business Security Checklist
Keeping your business secure isn’t something you do just once. Instead, it’s a series of habits you develop that allow you to secure your business continually against potential threats that arise.
One of the most important things for online security is constant vigilance. If you start off with really good security habits but let them slide after a few months, new vulnerabilities will appear that intruders can take advantage of.
So how do you keep your business secure? This is what you need to do on a weekly, monthly and quarterly basis.
Weekly Security Checklist
[ ] Check your server logs for intrusions
Check your server log for port scans, unusual activity or logins by unauthorized users.
[ ] Update your anti-virus and anti-spyware software
Have these installed on all company PCs, including personal computers and laptops.
[ ] Scan your PCs for Trojans, malware and other viruses
Regular scanning will prevent the majority of malware- and trojan-related issues.
[ ] Check for patches on your server software
Your server software is one of the most important pieces of software. Update or patch it the moment any new updates are released.
[ ] Check for patches and updates on all software, including plugins & themes
Oftentimes attackers get in through vulnerabilities in plugins, themes and other outside extensions. Check for updates on these to make sure attackers can’t get in through these back doors. Many systems, like WordPress for example, allow you to check for updates on all your plugins in one screen.
[ ] Check for OS updates on your personal computer
If Windows or Mac OS is indicating that you should update your operating system, do so.
[ ] Make a Dropbox, Google Drive or similar type of backup of your PC
These should be running in the background at all times backing up all your most important data.
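For the first weekly item (checking server logs for logins by unauthorized users), here is an added example that is not part of the original checklist. It assumes OpenSSH sshd lines in syslog format, since the checklist names no log format; the account names, addresses and failure threshold are constructed for illustration, and port scans would need firewall logs rather than this file.

```python
import re
from collections import Counter

# Assumption: OpenSSH sshd lines in syslog format; the page names no log format.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def review_auth_log(lines, authorized_users, fail_threshold=3):
    """Return (unauthorized_logins, noisy_sources) found in sshd log lines."""
    unauthorized = []          # successful logins by accounts not on the list
    failures = Counter()       # failed attempts per source address
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue           # unrelated line (cron, sudo, disconnects, ...)
        if m["result"] == "Accepted":
            if m["user"] not in authorized_users:
                unauthorized.append((m["user"], m["ip"]))
        else:
            failures[m["ip"]] += 1
    noisy = {ip: n for ip, n in failures.items() if n >= fail_threshold}
    return unauthorized, noisy

# Constructed sample lines (documentation IP ranges, made-up users).
SAMPLE_LOG = """\
Mar  3 02:14:07 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 52344 ssh2
Mar  3 02:14:09 web1 sshd[2211]: Failed password for invalid user test from 203.0.113.5 port 52350 ssh2
Mar  3 02:14:12 web1 sshd[2213]: Failed password for root from 203.0.113.5 port 52361 ssh2
Mar  3 08:30:41 web1 sshd[2302]: Accepted publickey for alice from 198.51.100.7 port 50022 ssh2
Mar  3 09:02:18 web1 sshd[2340]: Failed password for alice from 198.51.100.7 port 50110 ssh2
Mar  3 23:47:55 web1 sshd[2977]: Accepted password for olduser from 192.0.2.44 port 41002 ssh2
Mar  3 23:50:01 web1 CRON[2990]: pam_unix(cron:session): session opened for user root
""".splitlines()

if __name__ == "__main__":
    logins, noisy = review_auth_log(SAMPLE_LOG, authorized_users={"alice", "bob"})
    for user, ip in logins:
        print(f"login by account not on the authorized list: {user} from {ip}")
    for ip, count in noisy.items():
        print(f"{count} failed logins from {ip}")
```

To use it on a real server, pass the lines of your own authentication log and your current list of accounts instead of the sample.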
Monthly Security Checklist
[ ] Check your customer emails for reports of phishing attempts
If you’re under a phishing attack, oftentimes a large number of your customers will receive bogus emails at once. If you start hearing about such an attack, you may want to send an email out to your customers letting them know what’s going on.
[ ] Check computer security blogs and newsgroups for updates on recent exploits
Especially check for any new worms, trojans, malware, viruses or exploits that target your specific software, server version or configuration.
[ ] Make a digital backup of your company’s most vital data
Automated services can make this backup process easy. Make sure you don’t transmit highly sensitive data unencrypted, or store unencrypted sensitive data on other people’s servers.
[ ] Remove unnecessary accounts (old customers, fired employees, etc.)
This should be done immediately after an account goes inactive. However, it’s still good to get in the habit of scanning for inactive accounts every month. If inactive accounts are left in place, they become footholds that intruders can use to gain more information and access.
[ ] Check for updates on your browser
Browsers can get hacked too. If there are updates on Chrome, Firefox or Internet Explorer, update them as soon as possible.
[ ] Background check any new employees
Oftentimes intrusions come not from the outside, but from employees. Check to make sure your employees don’t have dubious histories before allowing them access.
[ ] Check your firewalls.
If any ports were opened for any applications no longer in use, close them.
Quarterly Security Checklist
[ ] Change your wireless passwords
This is especially important, as just about anyone who’s been in your office in the last quarter will have access to these passwords.
[ ] Change your passwords on all accounts
This includes both personal accounts and business accounts.
[ ] Check your file permissions
Check the permissions on the files on your server.
[ ] Check all forms and scripts for possible MySQL injection attacks and scripts-against-the-server attacks
This is best done when writing the scripts in the first place. However, it still pays to double check, especially if you have new scripts that interact with old ones.
[ ] Make a hard copy backup of all your most vital data
If possible, store the data off-site to protect against disasters.
[ ] Check the auto-run programs that start up every time you boot your computer
Viruses and spyware often hide out in the auto-run menus. They want to boot up every time your computer starts.
[ ] Update your Gmail or other webmail’s account recovery options
If you have an old phone number on your 2-step verification, or if your backup email address is wrong, update those settings.