Introduction:
The objective of this cybersecurity best practices checklist is to help you bolster your defence against potential threats and safeguard your digital assets. It serves as a reference guide to ensure that essential security measures are in place. Regularly reviewing and implementing these practices will enhance your resilience against evolving cyber risks. We encourage you to conduct this exercise annually and whenever new personnel join the company to maintain a strong cybersecurity posture.
Objective:
The objective of this checklist is to provide a comprehensive guide for implementing cybersecurity best practices. By following these recommendations, you can mitigate potential threats, protect sensitive information, and maintain a secure digital environment. Review and update these practices regularly, conducting the exercise at least once a year and each time new personnel are onboarded. This proactive approach ensures ongoing protection and reduces exposure to emerging threats.
*Disclaimer: This checklist is provided for reference purposes only. Please use it at your discretion. We assume no liability or guarantee for its accuracy, completeness, or effectiveness.*
Cybersecurity Checklist for Team Members
Cybersecurity Knowledge Check (Yes – 1 point, No / Not sure – 0 points) | Risk Score (Points) |
---|---|
Exercise caution with spam/scam emails | |
Install and regularly update antivirus software | |
Use strong and unique passwords | |
Regularly update passwords | |
Try to use two-factor authentication (2FA) whenever available | |
Be cautious of phishing attempts | |
Avoid clicking on suspicious links or attachments | |
Keep software and devices up to date | |
Secure Wi-Fi usage | |
Use encrypted channels for sensitive information | |
Verify sender and caller before sharing sensitive info | |
Use SSL at websites and only visit those with HTTPS | |
Report suspicious activity or incidents | |
In the “Risk Score” column, assign points for each response as follows:
- Yes: 1 point
- No: 0 points
- Not Sure: 0 points
Record each item's points in the Risk Score column and add them up to obtain the total score. Any item scored 0 marks a practice that is missing or that the team member is unsure about.
Keeping the score in a single column makes the overall status easy to assess and track over time, and makes it easier to spot the areas that need attention or improvement.
Explanation
Exercise caution with spam/scam emails:
Exercise caution when receiving emails from unknown or suspicious sources. Be wary of unsolicited emails that may contain scams, phishing attempts, or malicious content. Avoid clicking on suspicious links or providing personal information in response to such emails.
Install and regularly update antivirus software:
Install reliable antivirus software on your devices to protect against malware, viruses, and other cybersecurity threats. Regularly update the antivirus software to ensure it has the latest virus definitions and security patches.
Use strong and unique passwords:
Create strong and unique passwords for your accounts. Use a combination of uppercase and lowercase letters, numbers, and special characters. Avoid easily guessable information such as names or birthdates. Using a different password for every account means that one leaked password cannot be reused to get into your other accounts.
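The three checks this item describes (character mix, no guessable personal details, no reuse across accounts) can be expressed as a small policy function. The following is an added example written for this checklist, not a tool the checklist itself provides; the 12-character minimum is an assumption, since the checklist states no length, and the names, birth year and sample passwords are constructed for a fictional user.

```python
import string

# Assumed policy value: the checklist states no minimum length, so 12 is an
# assumption used here for illustration only.
MIN_LENGTH = 12

# The four character classes the checklist asks for.
CHARACTER_CLASSES = {
    "uppercase letter": set(string.ascii_uppercase),
    "lowercase letter": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special character": set(string.punctuation),
}


def password_issues(password, personal_terms=(), passwords_in_use=()):
    """Return the reasons a password fails the checklist (empty list = passes).

    personal_terms:   names, birth years and similar details the checklist calls
                      easily guessable; any of them found in the password is flagged.
    passwords_in_use: passwords already used on other accounts, for the
                      uniqueness check (a real tool would compare hashes, not plaintext).
    """
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append("shorter than %d characters" % MIN_LENGTH)

    present = set(password)
    missing = [name for name, chars in CHARACTER_CLASSES.items() if not (present & chars)]
    if missing:
        issues.append("missing " + ", ".join(missing))

    lowered = password.lower()
    for term in personal_terms:
        # Ignore very short terms so that initials do not trigger spurious matches.
        if len(term) >= 3 and term.lower() in lowered:
            issues.append("contains guessable personal term '%s'" % term)

    if password in set(passwords_in_use):
        issues.append("already used on another account")
    return issues


def is_acceptable(password, personal_terms=(), passwords_in_use=()):
    """True when the password passes every check."""
    return not password_issues(password, personal_terms, passwords_in_use)


if __name__ == "__main__":
    # Constructed sample inputs for a fictional user.
    terms = ["Alice", "Smith", "1990"]
    in_use = ["Alice1990!"]
    for candidate in ["Alice1990!", "correcthorsebattery", "m9#Kq2vL!pZr7wXe"]:
        problems = password_issues(candidate, terms, in_use)
        print(candidate, "->", "OK" if not problems else "; ".join(problems))
```

The personal-term check is case-insensitive and the reuse check is exact, which is how a password manager's audit feature typically behaves; in a real tool the list of passwords in use would be held as hashes rather than plaintext.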
Regularly update passwords:
Regularly update your passwords for all accounts, especially for critical ones like email and banking. Changing passwords periodically reduces the chances of compromised accounts and unauthorized access to sensitive information.
Try to use two-factor authentication (2FA) whenever available:
Enable two-factor authentication (2FA) whenever possible. 2FA adds an extra layer of security by requiring a second verification step in addition to your password, such as a temporary code sent to or generated on your mobile device, so that a stolen password alone is not enough to gain access.
Be cautious of phishing attempts:
Phishing attempts are deceptive tactics used to trick individuals into revealing sensitive information. Be cautious of suspicious emails, messages, or phone calls that request personal information or financial details. Verify the authenticity of the sender and exercise caution before sharing any sensitive information.
Avoid clicking on suspicious links or attachments:
Be cautious of clicking on links or downloading attachments from unfamiliar or suspicious sources. Malicious links and attachments can contain malware or lead to phishing websites. Verify the legitimacy of the source before interacting with such content.
Keep software and devices up to date:
Regularly update your software, including operating systems and applications, to ensure you have the latest security patches and bug fixes. Outdated software may have vulnerabilities that can be exploited by cybercriminals.
Secure Wi-Fi usage:
When using Wi-Fi networks, especially public ones, ensure they are secure. Avoid connecting to unsecured or open Wi-Fi networks that can expose your data to potential interception. Use encrypted Wi-Fi networks or consider using a virtual private network (VPN) for added security.
Use encrypted channels for sensitive information:
When sharing sensitive information, such as personal or financial data, ensure you are using encrypted channels. Look for websites with “HTTPS” in the URL and a padlock symbol in the browser address bar, indicating a secure and encrypted connection.
Verify sender and caller before sharing sensitive info:
Before sharing sensitive information with someone over email, phone, or other channels, verify the identity of the sender or caller. Confirm their authenticity and ensure you are communicating with trusted sources.
Use SSL at websites and only visit those with HTTPS:
When browsing websites, prioritize those that use SSL (Secure Sockets Layer, today its successor TLS) encryption and display “HTTPS” in the URL. This encrypts data transmitted between your device and the website, protecting the confidentiality and integrity of the information.
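The advice above on suspicious links and on HTTPS can be turned into a pre-click check. The following is an added example, not part of the original checklist: it inspects a link's actual target and, where one is available, the text displayed for the link (as in an HTML email), and returns the warning signs the checklist describes. The helper name `link_warnings` and the sample addresses (documentation IP `203.0.113.5`, `example.com`, `example.net`) are constructed for this illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def _parse_display(text):
    """Parse link text that may be a bare 'host/path' without a scheme."""
    text = text.strip()
    if "://" not in text:
        text = "https://" + text   # scheme only so that urlsplit yields a hostname
    return urlsplit(text)


def link_warnings(href, display_text=None):
    """Return warning signs for a link before it is opened (empty list = none found).

    href:         the actual target of the link
    display_text: the text shown for the link (e.g. in an HTML email), if any
    """
    target = urlsplit(href.strip())
    host = (target.hostname or "").lower()
    warnings = []

    # The checklist asks for HTTPS only; anything else is flagged.
    if target.scheme.lower() != "https":
        warnings.append("not HTTPS (scheme is '%s')" % (target.scheme or "none"))

    # Legitimate services are reached by domain name, not a raw address.
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a bare IP address rather than a domain name")
    except ValueError:
        pass  # a normal domain name (or empty), not an IP literal

    # Link text that names one site while the link goes elsewhere is the
    # classic sign of a phishing message.
    if display_text:
        shown_host = (_parse_display(display_text).hostname or "").lower()
        if shown_host and shown_host != host:
            warnings.append("link text shows '%s' but the link goes to '%s'" % (shown_host, host))

    return warnings


if __name__ == "__main__":
    # Constructed sample links.
    samples = [
        ("https://www.example.com/login", None),
        ("http://203.0.113.5/login", None),
        ("https://login.example.net/", "www.example.com/account"),
    ]
    for href, shown in samples:
        print(href, "->", link_warnings(href, shown) or "no warnings")
```

The host comparison is exact, so a link whose text reads `example.com` but whose target is `www.example.com` is also reported; that is deliberate, since the reader of a message cannot tell a benign subdomain from a lookalike without checking.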
Report suspicious activity or incidents:
If you come across any suspicious activity, receive phishing emails, or encounter potential security incidents, promptly report them to the appropriate personnel or IT department. Reporting helps address and mitigate potential threats effectively.