Organisation Policy
1. Do you have an information security policy in place to ensure the use of strong passwords?
2. Do you regularly destroy unwanted information: shredding paper files, physically destroying old hard drives, wiping devices, removing and destroying memory and SIM cards, etc.?
3. Do you restrict access to data within your organisation?
4. If you have a Bring Your Own Device (BYOD) policy, can you remotely manage and wipe organisation data from each employee's device?
Compliance
5. Do you know the law on data protection and when to inform customers about a breach?
6. Do you have an incident response plan for handling cyber incidents?
7. Have you created a Data Breach Notification Policy, which is a document you provide to all of your customers, telling them how your business will notify them should a data breach occur?
8. Do you have an updated and regularly tested IT Contingency plan?
ICT Infrastructure
9. Are all your devices running on the latest available operating system?
10. Are your devices protected from viruses and other malicious software?
11. Is your network configured to automatically install security updates?
12. Does your email provider offer virus and phishing scans?
13. Are all your servers, hard drives, data storage devices, folders and files encrypted?
14. Is your data backed up?
15. Are your systems regularly checked for vulnerabilities?
Employee Cybersecurity Awareness
16. Do you have formal cyber security awareness training for employees?
17. Has your organisation been the victim of data breaches due to employee mistakes?
18. Do you have additional training for employees who are more susceptible to cyber mistakes?
19. Are your employees trained within 30 days of being recruited?
20. Do you educate employees on information security policies and procedures, including the need for strong passwords?