The Ultimate Cybersecurity Checklist And SMB Security Workplan

They say taking the first step is the hardest. But here at Axxys, we thought that should not be the case for business leaders trying to grasp their companies’ security posture. So we created this interactive checklist to help you understand which policies and procedures should be implemented to keep your organization safe and secure. Ultimately, addressing the items below will provide a strong security foundation for your business or organization.


Security Practices And Security Awareness Training

Privacy Program

Your company should document an internal privacy policy that covers network usage (including email), employee and client/customer records, and acceptable use for internal and external systems. This policy should cover all connected devices, including mobile devices and those used in work-from-home or hybrid work environments. If customers or vendors interact with your network or digital properties, then you will need a public-facing privacy policy as well.

Internal Privacy Policy

Training employees on your privacy and usage policy is imperative. Make sure they understand what is allowed and what is not when it comes to network usage or accessing data.

Train Employees On Your Policy

Create a policy with rules and controls for how long your company will retain data, how it will be stored, and how it will be protected while in your care. A clear Data Retention Policy will reduce the impact of any potential security incidents.

Data Retention Policy

Network Security Measures And Security Risks Program

Train employees and contractors on the most common cybersecurity and physical security threats to the business. This training should fit the needs of your organization and include training on the aforementioned policies and procedures.

Security Awareness Training Of Employees And Contractors

Train team members on how to identify potential phishing attacks. Additionally, implement a phishing reporting policy and train staff on how these potential attacks should be reported within your organization.

Phishing Awareness Training

Require that employees keep confidential information like customer information or passwords out of sight at all times at their workstations. This policy protects customers and employees alike by keeping sensitive data away from prying eyes and preventing inadvertent leaks through shared workplace photos.

Clean Desk Policy

Implement a clear policy around visitors and guests at the workplace. From personal guests to potential clients, your visitor policy should outline what areas of an office a guest may access, any badge or escort requirements, and how to sign in and sign out visitors. Train team members on this policy.

Visitor Program

On a regular basis, and no less than once a year, take inventory of all digital assets and network devices. Identify potential areas of risk and vulnerability and the accompanying impact on the business in the event of a data breach.

Identify Digital Assets

Institute multi-factor authentication on all network devices and applications, particularly those that handle sensitive data like customer information or business intellectual property. MFA can include the use of a second device, like a mobile phone, to confirm that a system login is valid.

Multi-factor Authentication (MFA)
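To show what the "second device" check described above actually does, the following is an added example (not part of the Axxys checklist) of the time-based one-time password (TOTP, RFC 6238) scheme used by authenticator apps: the phone and the server share a secret and both derive a short code from the current 30-second time step, so the server can confirm that whoever is logging in holds the enrolled device. The shared secret and timestamps below are the RFC 6238 test vector, not values from any real deployment.

```python
import base64
import hashlib
import hmac
import struct


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: an HOTP code over the time-step counter."""
    counter = for_time // step                      # which 30-second window we are in
    msg = struct.pack(">Q", counter)                # counter as 8-byte big-endian
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                         # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, submitted: str, now: int,
                skew_steps: int = 1, step: int = 30) -> bool:
    """Server-side check: accept the code for the current step or one step
    either side (clock drift), comparing in constant time so a mismatch does
    not leak which digits were right."""
    for delta in range(-skew_steps, skew_steps + 1):
        candidate = totp(secret, now + delta * step, step)
        if hmac.compare_digest(candidate, submitted):
            return True
    return False


def enrolment_secret_b32(secret: bytes) -> str:
    """Authenticator apps are usually provisioned with the secret in base32."""
    return base64.b32encode(secret).decode("ascii")


# Shared secret from the RFC 6238 test vectors (constructed, not a real credential).
DEMO_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print("enrol with:", enrolment_secret_b32(DEMO_SECRET))
    print("code at t=59:", totp(DEMO_SECRET, 59))
    print("accepted:", verify_totp(DEMO_SECRET, totp(DEMO_SECRET, 59), 59))
```

In practice the server also records the last accepted counter so a captured code cannot be replayed within the same window, and rate-limits failed attempts; both are omitted here to keep the derivation itself visible.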

Cyber Security Checklist Assorted Tools

Utilizing a Virtual Private Network (VPN) creates a secure connection between users and your network. A VPN is critical if you allow network connections outside of the office (as with work from home environments or remote workers). Setting up secure remote access via VPN, secure application tunneling, or remote desktops can create new efficiencies but must be done in a way that puts security front and center.

Secure Remote Access

Wi-Fi connectivity in the office should be established with separate guest and employee networks, regular password rotation/resets, and firmware updates. Wireless access points that use default or weak passwords and are not regularly updated create an easily accessed entry point to your entire network.

Secure Wi-Fi Network

A secure email gateway (SEG) includes anti-phishing technology, encryption, and data-loss prevention features to keep your email secure. Even with increasingly sophisticated attacks targeting email, an SEG should keep most attackers at bay.

Secure Email Gateway (SEG)

Enable logging across your network. Periodically review the logs to identify potential attack surfaces and even ongoing breaches. Many software and network providers include built-in reporting solutions to make accessing the logs simple.

System Auditing
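As an added illustration of the log review described above (example code written for this page, not an Axxys tool), the script below parses a handful of constructed SSH-style authentication lines and flags two patterns a reviewer would want to see: a burst of failed logins from one source, and a successful login from a source that had just been failing repeatedly. The log format, thresholds and addresses are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a syslog-like layout (not captured from a real host).
SAMPLE_LOG = """\
2024-03-01 09:00:01 sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
2024-03-01 09:00:03 sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
2024-03-01 09:00:04 sshd[101]: Failed password for root from 203.0.113.7 port 51002 ssh2
2024-03-01 09:00:06 sshd[101]: Failed password for root from 203.0.113.7 port 51003 ssh2
2024-03-01 09:00:07 sshd[101]: Failed password for root from 203.0.113.7 port 51004 ssh2
2024-03-01 09:00:09 sshd[101]: Accepted password for root from 203.0.113.7 port 51005 ssh2
2024-03-01 09:15:00 sshd[102]: Failed password for alice from 198.51.100.20 port 40000 ssh2
2024-03-01 09:15:20 sshd[102]: Accepted publickey for alice from 198.51.100.20 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse(log_text: str) -> list:
    """Turn each authentication line into a small event record; skip lines that do not match."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                "ok": m["result"] == "Accepted",
                "user": m["user"],
                "src": m["src"],
            })
    return events


def find_suspicious(events: list, threshold: int = 5, min_failures_before_success: int = 3,
                    window: timedelta = timedelta(minutes=5)) -> list:
    """Per source address: report once when failures inside `window` reach
    `threshold`, and report any success that follows at least
    `min_failures_before_success` recent failures from the same source."""
    findings = []
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)

    for src, evs in by_src.items():
        recent_failures = []
        burst_reported = False
        for e in evs:
            # drop failures that have aged out of the sliding window
            recent_failures = [f for f in recent_failures if e["ts"] - f["ts"] <= window]
            if not e["ok"]:
                recent_failures.append(e)
                if len(recent_failures) >= threshold and not burst_reported:
                    findings.append({"type": "failed_login_burst", "src": src,
                                     "user": e["user"], "count": len(recent_failures), "at": e["ts"]})
                    burst_reported = True
            elif len(recent_failures) >= min_failures_before_success:
                findings.append({"type": "success_after_failures", "src": src,
                                 "user": e["user"], "count": len(recent_failures), "at": e["ts"]})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(parse(SAMPLE_LOG)):
        print(finding)
```

The single failure followed by alice's key-based login is deliberately left unflagged: a review process that alerts on every typo drowns the signal, so the thresholds are the knobs to tune against your own baseline.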

A robust backup solution can restore your business operations quickly in the event of a cyberattack. Remote (or even air-gapped) backups can mitigate the risk of ransomware attacks and give your business continuity in the event of a breach.

Backup Solution

Regular verification of backups and regular testing of backup restoration further ensures that your data can be restored with minimal issues or data loss in the event of a breach.

Testing The Backup Solution
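The two checks named above, verifying what was backed up and rehearsing the restore, can be turned into one routine. The example below is added for this page (it is not Axxys tooling): it records a SHA-256 manifest of the source files when the backup is taken, later restores the archive into a scratch directory and compares every restored file against that manifest, and then demonstrates that a single altered byte in the stored archive is caught. The directory layout, file contents and archive name are constructed for the demonstration.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root) -> dict:
    """Map each file's path relative to `root` to its SHA-256 digest."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(source_dir, archive_path) -> dict:
    """Write an uncompressed tar of `source_dir` and return the manifest taken at backup time."""
    manifest = build_manifest(source_dir)
    with tarfile.open(archive_path, "w") as tar:
        tar.add(source_dir, arcname=".")
    return manifest


def verify_restore(archive_path, manifest: dict):
    """Restore into a throwaway directory and compare every file hash.
    Returns (ok, problems); problems lists missing or changed files."""
    problems = []
    with tempfile.TemporaryDirectory() as restore_dir:
        try:
            with tarfile.open(archive_path, "r") as tar:
                for member in tar.getmembers():
                    # refuse archive entries that would escape the restore directory
                    if member.name.startswith("/") or ".." in Path(member.name).parts:
                        raise ValueError(f"unsafe path in archive: {member.name}")
                tar.extractall(restore_dir)
        except (tarfile.TarError, OSError, ValueError) as exc:
            return False, [f"archive unreadable: {exc}"]
        restored = build_manifest(restore_dir)
    for rel, digest in manifest.items():
        if rel not in restored:
            problems.append(f"missing: {rel}")
        elif restored[rel] != digest:
            problems.append(f"changed: {rel}")
    return (not problems), problems


def demo():
    """Back up a constructed tree, verify it, then corrupt one byte and verify again."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "data"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "policy.txt").write_text("constructed sample content\n")
        (src / "ledger.csv").write_text("id,amount\n1,10\n")
        archive = Path(work) / "backup.tar"

        manifest = create_backup(src, archive)
        ok_before, _ = verify_restore(archive, manifest)

        # Simulate silent media corruption: flip one byte inside policy.txt's
        # stored content (located by searching the raw archive for it).
        raw = bytearray(archive.read_bytes())
        idx = raw.find(b"constructed sample content")
        raw[idx] ^= 0xFF
        archive.write_bytes(bytes(raw))

        ok_after, problems = verify_restore(archive, manifest)
        return ok_before, ok_after, problems


if __name__ == "__main__":
    print(demo())
```

Storing the manifest separately from the archive is the point of the design: if both live on the same media, corruption or ransomware that touches one can touch the other, and the comparison proves nothing.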

Content filtering at the DNS level protects your network by refusing to resolve known malicious or unwanted domains, so devices never connect to them. From adult content to suspicious IPs and activity, DNS-level content filtering helps keep malware downloads and other attacks away from your network.

Domain Name System (DNS) Level Content Filtering

EDR provides continuous monitoring of endpoints and response to advanced threats. Threats that get past the firewall or arrive via authenticated users can be recognized and handled by an appropriate EDR solution.

Endpoint Detection And Response (EDR)

SIEM solutions collect all alerts and security logs from connected devices to help identify potentially malicious behavior.

Security Information And Event Management (SIEM) Solution

Risk Assessment

System Hardening

Regularly audit which applications and systems are in use, including SaaS and PaaS tools. Remove or cancel any applications that are not in use as each connected application is a potential target for hackers seeking to do your business harm.

Remove Unused Programs On All Systems

Instituting user policies by using Group Policy Objects (GPO), Microsoft Active Directory, or Single Sign-On gives administrative control over application and data access across your organization. Having these policies in place provides a layer of protection against not only external hackers but also disgruntled employees and other bad actors.

Group Policies, Single Sign-On And Active Directory

Close unused ports and secure ports in use with firewalls and strong access controls. Endpoints are the literal entryway for bad actors intent on breaching your systems. Protecting these endpoints is a primary task in securing your network.

Secure Endpoint Configurations

Firewalls, VPNs, routers, and Intrusion Detection and Prevention systems should be installed, monitored, and regularly updated.

Implement Perimeter Security

The majority of software patches include a security element, so leaving devices unpatched is dangerous. Plan for software updates and patch management by making it a regularly scheduled process that is the specific responsibility of a team or team member.

Institute A Patch Management Plan

Abnormal and anomalous behavior on cloud-based applications like Office 365 or your ERP system can be a sign of a bad actor. A number of software solutions exist to monitor applications and connected devices and notify your team in the event of abnormal activity.

Monitor Cloud Application Behavior

When a vulnerability is detected or uncovered, it must be addressed in a timely manner. From unpatched systems to ongoing DDoS attacks, having a framework for how to respond to and address attempted attacks is critical.

Define a Process For Identifying And Addressing Vulnerabilities

The software in use by your organization will include occasional bugs. These bugs can often be exploited to compromise your network. Institute a plan for how to address software-based vulnerabilities with the software publisher. If a publisher will not address a bug or provide support, consider replacing the software.

Vulnerability Management Program

Data Breach Response Plan

Set a policy for responding to any incident across the network. The policy should set the standard for employee and management behavior including severity rating of the incident, corrective action or remediation report framework, the scope of the policy, and the purpose and expected outcomes of following the policy.

Incident Response Policy

A strict set of steps to follow in the event of an incident makes up the incident response procedures. This “playbook” for your Incident Response Policy will guarantee uniformity and consistency in how you address incidents.

Incident Response Procedures

The exact stakeholders and roles affected by an incident should be identified in advance and communicated with when an incident occurs. Guidelines for the identification and communication process will streamline incident response and reduce negative impacts.

Identify Roles And Responsibilities

Cyber Security Vulnerability Management And Cyber Threat Assessment

Establish and test your business continuity and disaster recovery plan. This plan should touch not just technology and IT, but also HR, operations, finance, and other key components of your business. The continuity and disaster recovery plan should include a recovery point objective (RPO) and a recovery time objective (RTO).

Business Continuity And Disaster Recovery

Planning, testing, and response will produce significant information and lessons for your entire business. Take note of what is learned, what works, and what needs to be improved. Incorporate these plans into the policies and guidelines above. Security is constantly evolving. Remain vigilant.

Incorporate Lessons Learned