Downloaded 39 times
![Spencer Fane LLP | spencerfane.com
Good Cyber Hygiene Checklist
n Start with a risk assessment
n Written policies and procedures focused on
cybersecurity and tailored to company
— Expectations for protection of data
— Monitoring and expectations of privacy
— Confidentiality of data
— Limits of permissible access and use
— Social engineering
— Passwords policy & security questions
— BYOD
n Training of all workforce on your policies and
procedures, first, then security training
n Phish all workforce (incl. upper management)
n Multi-factor authentication
n Signature based antivirus and malware detection
n Internal controls / access controls
n No default passwords
n No outdated or unsupported software
n Security patch updates management policy
n Backups: segmented offline, cloud, redundant
n Use reputable cloud services
n Encryptsensitivedataandair-gaphypersensitive
data
n Adequate logging and retention
n Incident response plan
n Third-party security risk management program
n Firewall, intrusion detection, and intrusion
prevention systems
n Managed services provider (MSP) or managed
security services provider (MSSP)
n Cyber risk insurance
Assess
Cyber Risk
Strategic
Planning
Deploy
Defense
Assets
Develop,
Implement &
Train on P&P
Tabletop
Testing
Reassess
& Refine
Cyber Risk
Management
Program
“[T]he relevant inquiry here is a cost-benefit analysis, that considers a number of relevant factors, including
the probability and expected size of reasonably unavoidable harms to consumers given a certain level of
cybersecurity and the costs to consumers that would arise from investment in stronger cybersecurity.”
– FTC v. Wyndham, (3rd Cir. Aug. 24, 2015)](https://image.slidesharecdn.com/cyberhygienechecklist-181128190536/85/Cyber-Hygiene-Checklist-1-320.jpg)
![Spencer Fane LLP | spencerfane.com
Good Cyber Hygiene Checklist
n Start with a risk assessment
n Written policies and procedures focused on
cybersecurity and tailored to company
— Expectations for protection of data
— Monitoring and expectations of privacy
— Confidentiality of data
— Limits of permissible access and use
— Social engineering
— Passwords policy & security questions
— BYOD
n Training of all workforce on your policies and
procedures, first, then security training
n Phish all workforce (incl. upper management)
n Multi-factor authentication
n Signature based antivirus and malware detection
n Internal controls / access controls
n No default passwords
n No outdated or unsupported software
n Security patch updates management policy
n Backups: segmented offline, cloud, redundant
n Use reputable cloud services
n Encryptsensitivedataandair-gaphypersensitive
data
n Adequate logging and retention
n Incident response plan
n Third-party security risk management program
n Firewall, intrusion detection, and intrusion
prevention systems
n Managed services provider (MSP) or managed
security services provider (MSSP)
n Cyber risk insurance
Assess
Cyber Risk
Strategic
Planning
Deploy
Defense
Assets
Develop,
Implement &
Train on P&P
Tabletop
Testing
Reassess
& Refine
Cyber Risk
Management
Program
“[T]he relevant inquiry here is a cost-benefit analysis, that considers a number of relevant factors, including
the probability and expected size of reasonably unavoidable harms to consumers given a certain level of
cybersecurity and the costs to consumers that would arise from investment in stronger cybersecurity.”
– FTC v. Wyndham, (3rd Cir. Aug. 24, 2015)](https://image.slidesharecdn.com/cyberhygienechecklist-181128190536/75/Cyber-Hygiene-Checklist-1-2048.jpg)
Uploaded byShawn Tuma
Cyber Hygiene Checklist
The document provides a checklist of good cyber hygiene practices for companies. It recommends starting with a risk assessment and developing written cybersecurity policies covering data protection, monitoring, privacy, access limits, passwords, and BYOD. It also stresses training employees on policies, conducting phishing tests, using multi-factor authentication, antivirus software, access controls, updating software and backups. The checklist additionally includes recommendations for encrypting sensitive data, adequate logging, an incident response plan, third-party risk management, firewalls and cyber risk insurance.
More Related Content
![HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]](https://cdn.slidesharecdn.com/ss_thumbnails/ransomwarewebinarfinalpresentation-160324145844-thumbnail.jpg?width=640&height=640&fit=bounds)
Similar to Cyber Hygiene Checklist
Cyber Hygiene Checklist
- 1. Spencer Fane LLP| spencerfane.com Good Cyber Hygiene Checklist n Start with a risk assessment n Written policies and procedures focused on cybersecurity and tailored to company — Expectations for protection of data — Monitoring and expectations of privacy — Confidentiality of data — Limits of permissible access and use — Social engineering — Passwords policy & security questions — BYOD n Training of all workforce on your policies and procedures, first, then security training n Phish all workforce (incl. upper management) n Multi-factor authentication n Signature based antivirus and malware detection n Internal controls / access controls n No default passwords n No outdated or unsupported software n Security patch updates management policy n Backups: segmented offline, cloud, redundant n Use reputable cloud services n Encryptsensitivedataandair-gaphypersensitive data n Adequate logging and retention n Incident response plan n Third-party security risk management program n Firewall, intrusion detection, and intrusion prevention systems n Managed services provider (MSP) or managed security services provider (MSSP) n Cyber risk insurance Assess Cyber Risk Strategic Planning Deploy Defense Assets Develop, Implement & Train on P&P Tabletop Testing Reassess & Refine Cyber Risk Management Program “[T]he relevant inquiry here is a cost-benefit analysis, that considers a number of relevant factors, including the probability and expected size of reasonably unavoidable harms to consumers given a certain level of cybersecurity and the costs to consumers that would arise from investment in stronger cybersecurity.” – FTC v. Wyndham, (3rd Cir. Aug. 24, 2015)