Your Complete IT Security Checklist for 2017

So, we’re finally here. 2016 is winding down and so too, it seems, are the majority of your workforce. As we head towards the holiday season, most of us are perhaps thinking more about where we’ll be eating Christmas lunch than whether or not our IT security is up to scratch.

Yet despite the relaxed, foot-off-the-breaks ambiance that permeates most workplaces during the final few days of December, now is actually the perfect time to start taking stock of your security practices, of the technology in place, and of whatever contingency plans you may have in place in case of emergency.

Below, Pacific Infotech’s business IT support specialists provide you with your complete security checklist to guarantee you a safe and successful 2017.

1: Access and Use Policies

pci-dss_06 Let’s start with the basics, shall we? As we’ll discuss throughout today’s post, most security errors within businesses aren’t actually caused by malicious outside attacks, but rather by simple human error.

Your company’s IT use policies serve as the first line of defence against those errors by outlining exactly what your workforce can -and can’t- do with your systems.

Yes, mistakes may still slip through the cracks, but by at least holding users accountable for their usage and making the terms of that usage clear, we eliminate ignorance of fact as a cause of those mistakes.

As you head into the New Year, now is a good time to ask the following questions about your business IT policies:

Are they clear and easy to understand?
Do they cover any new technology or software that has been brought into your organisation?
Do they sufficiently reflect current ways of working within your business?

If changes need to be made, it’s essential that you notify your users of these changes -perhaps via your business intranet- and ensure that all users agree to the revised policies before accessing your network.

2: End Users

end-user Again, the biggest causes of security problems within businesses actually come from internal users, so it’s important as part of your company’s IT checklist to ensure that users are well trained on any new technology you’ve invested in, that your password policy is effective, and that users access rights are reviewed when they change roles within the company.

Questions you should be asking are:

Are users required to change passwords every 90 days (or more frequently)?

Are passwords required to be composed of at least eight alphanumeric characters?
Are all users trained on any new technology they need to use?
Are training methods / documentation clear and up-to-date?
Are access rights all set at the appropriate levels?

3: WiFi and Internet Access

In today’s constantly connected climate, internet security should always be of paramount importance.

Yet you may be surprised just how frequently our business IT support team are called out to problems which could have been prevented with adequate firewalls, VPN (Virtual Private Network) security and secured wireless access connections.

Particularly important for hotels and other businesses accessed by members of the public, is the need to ensure that guests don’t have access to the same network as that used by your employees to drive your mission-critical applications.

Questions to ask as part of your business IT security checklist include:

Is the Guest WiFi network separate from the corporate network
Is web content filtering in place, is it set at an appropriate level, and does it need updating?
Are firewalls and intrusion detection in place for all web connections?
Is a secure VPN in place for remote access?

4: Desktop Machines

For most businesses, desktop computers are going to be a key component of your company’s IT infrastructure, serving as the means through which the majority of users access your network, applications, and vital data.

With that in mind, it’s essential that your desktop security is fully up-to-date and equipped to handle the ever-changing nature of the tasks and processes users carry out through both Windows and Apple computers.

Questions to ask here include:

Is up-to-date anti-virus software running on every machine in my business?
Are all machines updated with the latest patches and system updates?
Are only authorized personnel able to download and install new software?
Are users able to bring their own portable storage devices to use on your machines?
If so, how are they monitored/checked for viruses?

5: Data Backup and Disaster Recovery

desktop With all the above questions answered satisfactorily, you’ll have no doubt enhanced your business IT security and significantly reduced the number of risks your system faces.

Yet that’s not to say that things can’t still go wrong, and, when they do, it’s vital that your business is well prepared for all eventualities. Should a security threat occur, the long-term success of your business depends on you knowing that your invaluable customer data is well protected, and that you can get those mission-critical applications back up and running quickly, thus minimizing downtime.

To do that, you’re going to need a solid business continuity strategy in place, and adhere to stringent protocols regarding data backup. Some questions you should be asking include:

Is all critical data backed up on a daily basis to a secure, remote location?

Is all important -but non-critical- data backed up to secure, remote server on a regular (though not necessarily daily) basis?)
What Data Loss Prevention (DLP) tools are in place, and are they up to date?
How will your business return to an operational state in the result of a security breach, data theft, or other serious issue?

Revisit Your Business IT Security Checklist Regularly

Whilst now may be a good time to go through your IT security checklist in readiness for 2017, this isn’t the kind of thing you can do once and then forget about. To keep your company, your data, and, more importantly, your customers, safe and secure, it pays to go through your checklist regularly, at least once every six months.

Should you go through this checklist and find that you’re missing certain essentials, such as firewalls, a secure, remote data backup solution, or solid anti-virus software for your desktop machines, then business IT support specialists at Pacific Infotech can help.

For a free consultation or to discuss your IT security requirements, contact us online, or call now on 020 313 76707. On behalf of our entire team, Pacific Infotech would like to wish all of our customers past and present a very safe, secure, and successful New Year.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance_analytics	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Performance & Analytics".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
ss	session	This cookie is set by the provider Eventbrite. This cookie is used for the functionality of website chat-box function.
TawkConnectionTime	session	This cookie is set by Tawk.to which is a live chat functionality. The cookie is used to remember users so that previous chats can be linked together to provide better and improved service.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat	1 minute	This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.
_gat_gtag_UA_29048059_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
AnalyticsSyncHistory	1 month	Linkedin - Used in connection with data-synchronization with third-party analysis service.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
CONSENT	16 years 5 months 22 days 16 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
li_gc	2 years	Linkedin - Stores the user's cookie consent state for the current domain
lidc	1 day	This cookie is set by LinkedIn and used for routing.
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.