Organization with a reduced risk of a cyber attack follow security best practices and have:

☑️ A comprehensive cyber liability insurance is in place and has adequate coverage to protect my organization.

☑️ Ongoing technical business reviews with their IT provider focused on asset management and security risk management.

☑️ Implemented an “ongoing” security awareness training program that includes comprehensive training, phishing emails and testing.

☑️ Multi-factor authentication used for remote access to internal computers (remote desktop gateway or VPN).

☑️ Critical data identified and imaged-based backups that are restorable in the cloud.

☑️  Folder redirection or cloud solution with data backup for local desktops and remote users.

☑️ Local area network protected by a firewall that has comprehensive gateway security software enabled and DPI/SSL.

☑️ Password complexity policies implemented and changed every 90 days and manageable through Active Directory.

☑️ Evaluated and deployed all operating systems and 3rd party application patches in a timely manner.

☑️ Taken corrective action if devices are found to be out of compliance or have errors.

☑️ Deployed next gen behavior-based anti-virus software to all PCs.

☑️ Implemented and audited Office 365 security policies quarterly.

☑️ MFA enabled on all users.

☑️ Backed up Microsoft platform.

☑️ Comprehensive anti-spam protections in use on all email accounts.

☑️ Written IT policies that govern the use of computers, passwords, mobile devices, email, confidential data, social media, physical security, WiFi, etc.

☑️ A written incident response procedure & crisis management plan.

☑️ End Point Device Management security precautions in place for all devices holding business data including BYOD devices.

☑️ Yearly backup and disaster testing done to verify disaster procedures and recovery of IT systems.