The holidays are far behind and tax season is around the corner. This lull in the business calendar is a great time to check in on your business’s cyber readiness. Cybersecurity is an ongoing function of any business, not simply a task to accomplish and forget. Keeping your organizational and customer data secure is vital to protecting not only your profits, but also your reputation and credibility.
Here are some basic tasks you can address to complete an internal cybersecurity audit. You likely won’t need an IT specialist for any of these areas, and checking them off your list will help ensure the cyber readiness of your company:
- Review your administrative and personnel policies related to cyber readiness and amend or add information as needed. For example, is your password policy still appropriate, does your termination procedure address shutting down access to systems, and does your onboarding include cybersecurity training?
- Review your backup systems and redundancy policies. Are backups scheduled automatically, is access to cloud systems properly managed, and is any physical media locked and secured when not in use?
- Evaluate the effectiveness of your antivirus software and ensure that all devices are set to automatically update software and have operating system protections activated. Determine if your current antivirus software is still adequate or if there are better options available. Physically check auto-update and protection settings on all devices (e.g., desktops, laptops, tablets, mobile phones, internet-enabled devices).
- Evaluate other cyber protection measures in place, such as a password manager, email/spam filter, and firewall. If those measures are not currently in place, research options and determine if now is an appropriate time to take such actions. If they are in place, ensure that they are updated and working properly.
- Review access control for all users. Determine the level of access employees have to systems and software. Restrict staff access to systems and control levels that are only appropriate to their needs and job functions.
- Create a staff training plan for the upcoming year. Cyber readiness requires ongoing vigilance and education. Over 90% of cyber attacks are caused by human behavior, such as an employee clicking on a malicious link or falling for a phishing scam. Select a topic to focus on monthly and provide ongoing tips and training to address those topics.
Depending on the type of data your company maintains and the complexity of your systems, there may be other topics to include in your annual internal cybersecurity audit. The items listed above, though, are a great start to helping your business be cyber reading and more resistant to online attacks and scams.
If you are unsure about how to proceed with an internal audit, reach out to the Wyoming SBDC Network. Our Cybersecurity for Small Business Program provides no-cost cybersecurity advising and training on all the topics mentioned in this article and more.
- - -
The Wyoming SBDC Network offers business expertise to help Wyoming residents think about, launch, grow, reinvent or exit their business. The Wyoming SBDC Network is hosted by the University of Wyoming with state funds from the Wyoming Business Council. Funded in part through a Cooperative Agreement with the U.S. Small Business Administration. Full funding disclosures available at
wyomingsbdc.org/about
All opinions, conclusions, and/or recommendations expressed herein are those of the author(s) and do not necessarily reflect the views of the SBA.
