1. Do you use an antivirus solution on all of your devices? If
so what solution are you using?
Antivirus & antimalware protection is an absolute must at the very minimum. Ideally, this
needs to be managed by an IT provider for the best security as nowadays antivirus alone
just isn't enough. we need to build your security in layers to prevent modern attacks,
2. Do you have DNS Protection and web filtering
80% of ransomware sites can be blocked at the domain layer
3. How do you ensure that all windows patches on your pc's
and servers are applied?
Did you know that most security threats can be stopped or prevented purely by
having the latest windows updates?
4. Do you use a password manager to store your web
credentials?
Passwords in clear text are incredibley easy to hack
5. If the answer was no to the above, how do you store your
passwords so users know how to login to their web
application accounts?
6. How do you ensure that all your data is backed up?
Do you keep a copy offsite?
Do you have a retention period set?
It's super important that we look into your backup process, not just for cyber
security reasons, but also because files can become corrupted or deleted and a
restore may be necessary. Also, computers can fail so you want to know your
data is safe.
7. How do you ensure that confidential data held on your
network is only accessed by those that have permission?
Only the people that need access to certain data should have it. It's common to have
an admin group, staff group, and guest group. each group will have different access
to files and folders that is suitable.
8. How do you ensure that staff who leave have their access to
files, systems, emails and networks revoked?
Access to data for leavers must be disabled. Especially as not all staff that leave, will leave
happy.
9. Is there a 3 strikes and your out policy on user logins?
This prevents brute force attacks on your logins
10. Is there a password complexity policy?
This ensures that weak passwords cannot be used. This can be set in the Active
directory
11. Do you have a list of pre-approved software that is allowed
on your network devices?
By having a list of pre-approved software your IT provider can monitor your devices and flag up
anything that doesn't match the pre-approval. Also by having only approved software on your
network you can be sure that nothing malicious or purposefully insecure is being run on your
systems. This also makes it easier for when IT set up new computers in the future as they will
have a list of everything that is needed and approved to run on your computers keeping
everything standardized.
12. Do you have a cyber security policy?
Do you have an Internet usage policy?
It's good practice to provide staff with a cyber security policy so they are aware that
purposeful damage or compromise of your systems security is not tolerated. We can
create one for you with our cyber security subscription package.
13. Do you have a disaster recovery plan even if it's a basic one?
in a panicked situation, a plan of action on how to recover your business is
always a good idea. We can help you come up with one as part of the cyber
support subscription package that we offer.
14. How do you ensure that the products you purchase for your
business are suitable for a business network?
Not everything is suitable for a business network, and sometimes you can
compromise your security by using products designed for home use in a business
environment. We also recommend that you stick with one or two providers for your
business computing hardware like Lenovo or dell as this makes managing them
easier for warranties etc.
15. Do you know how long your business could survive without
resolution if you were subject to a cyber attack and all your
computers were locked out? 1-day \ 1 week etc;
This is important to know so we can factor this into a disaster recovery plan, Also in
most businesses, there are key critical areas that would be more damaging than
others if there were to be an IT-related fault. So having a clear idea of critical areas will
help us ensure extra measures are taken.