Business Security Checklist

31 July 2012

Keeping your business secure isn’t something you do just once. Instead, it’s a series of habits you develop that allow you to secure your business continually against potential threats that arise.

One of the most important things for online security is constant vigilance. If you start off with really good security habits but let them slide after a few months, new vulnerabilities will appear that intruders can take advantage of.

So how do you keep your business secure? This is what you need to do on a weekly, monthly and quarterly basis.

Weekly Security Checklist

[  ]        Check your server logs for intrusions
            Check your server log for port scans, unusual activity or logins by unauthorized users.

[  ]        Update your anti-virus and anti-spyware software
            Have these installed on all company PCs, including personal computers and laptops.

[  ]        Scan your PCs for Trojans, malware and other viruses
            Regular scanning will prevent the majority of malware and trojan related issues.

[  ]        Check for patches on your server software
            Your server software is one of the most important pieces of software. Update or patch it the
            moment any new updates are released.

[  ]        Check for patches and updates on all software, including plugins & themes

Attackers often get in through vulnerabilities in plugins, themes and other outside extensions. Check for updates on these to make sure attackers can’t get in through these back doors. Many systems, like WordPress for example, allow you to check for updates on all your plugins in one screen.

[  ]        Check for OS updates on your personal computer
            If Windows or Mac OS is indicating that you should update your operating system, do so.

[  ]        Make a Dropbox, Google Drive or similar type of backup of your PC
            These should be running in the background at all times backing up all your most important data.
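
For the first item on the weekly list, the login part of the log check can be scripted. This is an added example, not part of the original checklist: it assumes OpenSSH-style syslog lines, a hypothetical list of authorized users and constructed sample data, and it does not cover port scans.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH syslog format (not from a real server).
SAMPLE_LOG = """\
Jul 30 02:11:04 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jul 30 02:11:06 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Jul 30 02:11:09 web1 sshd[2213]: Failed password for invalid user test from 203.0.113.7 port 40130 ssh2
Jul 30 08:45:51 web1 sshd[3120]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Jul 30 23:02:17 web1 sshd[4410]: Accepted password for olduser from 192.0.2.55 port 60211 ssh2
Jul 31 09:01:00 web1 sshd[5001]: Failed password for alice from 198.51.100.20 port 51600 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def review_auth_log(text, authorized_users, fail_threshold=3):
    """Return (unauthorized_logins, noisy_sources) for the weekly review."""
    failures = Counter()
    unauthorized = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd authentication line
        if m["result"] == "Failed":
            failures[m["ip"]] += 1
        elif m["user"] not in authorized_users:
            # A successful login by an account nobody should be using.
            unauthorized.append((m["user"], m["ip"], line[:15]))
    # Sources with repeated failures are worth a closer look.
    noisy = {ip: n for ip, n in failures.items() if n >= fail_threshold}
    return unauthorized, noisy

if __name__ == "__main__":
    # "alice" and "bob" are a hypothetical list of current staff accounts.
    bad_logins, noisy = review_auth_log(SAMPLE_LOG, {"alice", "bob"})
    for user, ip, when in bad_logins:
        print(f"unauthorized login: {user} from {ip} at {when}")
    for ip, count in noisy.items():
        print(f"{count} failed logins from {ip}")
```
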

Monthly Security Checklist

[  ]        Check your customer emails for reports of phishing attempts

If you’re under a phishing attack, a large number of your customers will often receive bogus emails at once. If you start hearing about such an attack, you may want to send an email out to your customers letting them know about what’s going on.

[  ]        Check computer security blogs and newsgroups for updates on recent exploits

Especially check for any new worms, trojans, malware, viruses or exploits that target your specific software, server version or configuration.

[  ]        Make a digital backup of your company’s most vital data

Automated services can make this backup process easy. Make sure you don’t transmit highly sensitive data unencrypted, or store unencrypted sensitive data on other people’s servers.

[  ]        Remove unnecessary accounts (old customers, fired employees, etc.)

This should be done immediately after an account goes inactive. However, it’s still good to get in the habit of scanning for inactive accounts every month. If inactive accounts are left in place, they become footholds for intruders to use to gain more information and access.

[  ]        Check for updates on your browser

Browsers can get hacked too. If there are updates on Chrome, Firefox or Internet Explorer, update them as soon as possible.

[  ]        Background check any new employees

Intrusions often come not from the outside, but from employees. Check to make sure your employees don’t have dubious histories before allowing them access.

[  ]        Check your firewalls.

If any ports were opened for any applications no longer in use, close them.

Quarterly Security Checklist

[  ]        Change your wireless passwords

This is especially important, as just about anyone who’s been in your office in the last quarter will have access to these passwords.

[  ]        Change your passwords on all accounts
            This includes both personal accounts and business accounts.

[  ]        Check your file permissions
            Check the permissions on the files on your server.

[  ]        Check all forms and scripts for possible MySQL injection attacks and scripts-against-the-server

This is best done when writing the scripts in the first place. However, it still pays to double check, especially if you have new scripts that interact with old ones.

[  ]        Make a hard copy backup of all your most vital data
            If possible, store the data off-site to protect against disasters.

[  ]        Check the auto-run programs that start up every time you boot your computer

Viruses and spyware often hide out in the auto-run menus. They want to boot up every time your computer starts.

[  ]        Update your Gmail or other webmail’s account recovery options

If you have an old phone number on your 2-step verification, or if your backup email address is wrong, update those settings.
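
The quarterly file permission check can also be automated. The script below is an added example, not part of the original checklist: it walks a web root on a Unix-like server and reports world-writable entries and sensitive files that every local user can read. The sample tree is constructed, and treating `wp-config.php` as the sensitive file is an assumption for a WordPress site.

```python
import os
import stat
import tempfile

def find_risky_permissions(root, sensitive_names=("wp-config.php",)):
    """Walk root and return sorted (relative_path, octal_mode, reason) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing useful
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                # Any local account or compromised service can modify this.
                findings.append((rel, oct(mode), "world-writable"))
            elif name in sensitive_names and mode & stat.S_IROTH:
                findings.append((rel, oct(mode), "sensitive file readable by all users"))
    return sorted(findings)

def build_sample_tree(root):
    """Create a constructed sample web root with two deliberate mistakes."""
    os.mkdir(os.path.join(root, "uploads"))
    layout = {
        "index.php": 0o644,                          # fine
        "wp-config.php": 0o644,                      # credentials readable by all
        os.path.join("uploads", "logo.png"): 0o666,  # world-writable
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)  # set explicitly so the umask does not interfere
    os.chmod(os.path.join(root, "uploads"), 0o755)

def demo():
    """Run the check against the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_risky_permissions(root)

if __name__ == "__main__":
    for rel, mode, reason in demo():
        print(f"{mode:>6}  {rel}: {reason}")
```
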
