This 16-point cybersecurity checklist helps COOs sleep better March 29, 2019

Establish a baseline and identify existing vulnerabilities so you can close them. Be sure to make note of the date the assessment is completed. We've written another article that outlines what to include in your security assessment.

Most attacks originate from email, so it’s important to secure this vulnerability. Choose a service designed to reduce spam and decrease the potential for attacks on your staff via email.

Examples include denying or limiting USB file storage access, enabling enhanced password policies, setting user screen timeouts, and limiting user access.

Teach your employees about data security, email attacks and your policies and procedures, and offer regular refreshers. A good IT service provider will offer both web-based training and security policy templates for you to use.

To be proactive in preventing a data breach, you need to know in real-time what accounts and passwords have been posted on the dark web. Your IT provider should have ongoing monitoring in place so action can be taken as soon as credentials have been compromised.

Are your employees' passwords for sale? Find out for free.

Anti-virus software isn’t enough to protect your data from today’s malware, viruses and cyber attacks, including file-less and script-based threats and ransomware attacks. Instead, you need advanced endpoint security.

This adds an extra layer of protection to ensure that, in the event your password is stolen, your data is protected. Use multi-factor authentication whenever you can, including on your network, banking websites and even social media.

Protect your computers from the latest known attacks and close system vulnerabilities by updating your software and systems on a regular basis and whenever a patch or critical update is issued. A good IT service provider will automate this process for you.

The goal, whenever possible, is to encrypt files “at rest” and “in motion” (think email), especially on mobile devices.

Internet security is a race against time. Cloud-based security programs detect web and email threats as they emerge on the internet and block them on your network within seconds, before they reach your people.

Back up locally and in the cloud, and test your backups often. Determine how long your business can function while waiting for all your information to be restored. Is it hours? Days? Weeks? Define what is acceptable and implement recovery protocols to meet these requirements.

Turn on intrusion detection and intrusion prevention features and send the log files to a managed SIEM. (If your IT team doesn’t know what these things are or how to turn them on, it’s time to talk to us!)

Security incident and event management (SIEM) is a Big Data methodology that analyzes the information collected from all events and security logs on all covered devices to protect against advanced threats and meet compliance requirements.

There are many ways a criminal can breach your defenses, and not all of them are high tech! Test your systems and your staff regularly using “white hat” hackers to ensure there are no holes in your security.

Cyber criminals attempt to steal data or access your network by way of your employees’ phones and tablets. They’re counting on you to leave these devices open to attack. Mobile device security closes this gap.

If all else fails, protect your income and business with cyber damage and recovery insurance policies.