Reasonable Information Security for Business
Security doesn’t have to be complicated. We’ve adapted this checklist to help businesses identify what steps they need to take to keep their employees and their customers’ information secure.
We split the list up into four areas you should consider when fortifying your business against cybersecurity threats. While we can’t cover everything here, by using these four sections as a guide, you’ll be off to a great start*.
Create a Security Culture
Creating a culture of security means giving your team the tools and guidance they need to work securely. The goal is to eliminate guesswork. When employees know how to work securely, they’re much more likely to do so. With 82% of data breaches traced back to a human element, it’s important to empower employees to make smart security decisions at work. To learn more, you can check out the How to build a culture of security guide from our friends at 1Password.
Step 1.
Create a cybersecurity training program. Ongoing security training will help keep your team knowledgeable about how to reduce risk and make smart security choices. Download our guide to creating an internal security training program.
Incorporate security into your onboarding experience. Make it easy for new employees to get up to speed on your security policies so they set good habits from the get go.
Build policy compliance into employee reviews. You’re only as strong as your weakest link. Security should be a part of everyone’s role at a company.
Reward security contributors. Encourage your workers to share security concerns or ideas, then reward them for their participation.
Make it easy to contact your security team. Make sure employees know who is responsible for security within your business and how to contact them if there’s a problem.
Establish Access and Control Guidelines
Not everyone in your business needs access to everything. By creating guidelines around who has access to what, and when, you can significantly reduce your attack surface. Review, monitor, and control permissions so that people only have access to what they need.
Step 2.
Mitigate risk by limiting who has access to what. Apply the principle of least privilege to your security. By reducing who has access to what, you’re reducing your attack surface. Always ask whether someone needs access to something to complete their work. If they don’t, they shouldn’t have access.
Require strong, unique passwords on all employee accounts. You can’t control whether a service you use has been breached, but you can require your team to use a unique password for every account, so if one service is breached, the stolen password won’t unlock any of their other accounts.
Implement a password manager. A password manager like 1Password makes it easy for your team to create and use strong, unique passwords. Learn more about why you need a password manager.
Require multi-factor authentication (MFA) on company devices. Requiring MFA for all accounts is more secure than requiring a password alone.
Monitor security health. Security isn’t something you can check off and be done with; it’s an ongoing process. Consider partnering with Bento Cybersecurity Professional Services to formalize your information security and build an ongoing and proactive effort for risk management.
A Really Quick Guide to MFA.
Microsoft Authenticator and Google Authenticator are interchangeable and often the most convenient solution, but each favors its own vendor’s ecosystem and gives the smoothest experience there. A solid third-party option is 1Password, which can be used as an authenticator in addition to password storage and integrates exceptionally well into a good security culture. For reliable sync between devices, Authy shines with simplicity and capability.
Take Care of Your Tech
Keeping software and devices up to date can go a long way in protecting your business. It also helps to delete or archive data that no longer serves a purpose, which reduces the potential damage should your business be breached.
Step 3.
Encrypt your hard drive/data. Should anyone ever gain access to your hard drive or data, encryption renders that data useless.
Require regular updates to company devices. Automatic software updates should be a requirement of your security policy, and employees should be encouraged to stay vigilant about updates. Since most updates are security-related, it’s important to make sure your employees are using the latest versions of any software that could be compromised.
Create a data retention policy. It’s important to set guidelines around what data you store (and for how long), and what you archive. Keeping information you don’t need could put you at higher risk if you’re ever caught up in a breach where that information is exposed.
Implement a device management program. Create rules around how employees use company devices to encourage smarter security. For example, require workers to use two browsers – one for work, and one for personal use.
Secure your business network. Use up-to-date firewall rules for your network and perform regular software updates, scheduled backups, and periodic reviews of your systems.
Establish a tool review process. Make it easy for your team to request new tools so they can stay productive while still aligning with the company’s security mandates.
Prepare Your Incident Response Early
With a 50% increase in global weekly cyberattacks per organization year-over-year, the risk of a data breach grows every day. Putting security practices in place to prevent a breach is the first step in protecting your organization; the next is creating an incident response plan for when you are breached.
Step 4.
Create an incident response plan. Treat breaches as an inevitability so you’re always prepared should one occur. Check out our Incident response guide to get started.
Establish an incident response team. If an incident does occur, you’ll want to react fast. Part of that is having a team ready to respond. Make sure everyone knows who’s on that team, and how to contact them.
Establish an Ongoing and Proactive Effort
Schedule regular times throughout the year to review policies, training documentation, onboarding resources, tooling, and more. Make improvements and tweak your security as needed.
No two businesses are the same, so security policies should be created to cater to your business’s needs. Use this checklist to review different parts of your security, and update wherever you need to.