If previous years have shown us anything, it’s that we want to be prepared for all situations. With IT due diligence, you have processes and procedures designed so your organization has a complete picture of your infrastructure and any risk associated with it. Here’s how to get started on 2021 with IT due diligence, especially in cybersecurity.
Are You Doing Your IT Due Diligence?
The words “due diligence” may make you think of a courtroom drama on television. Surely, that’s something only lawyers have to worry about? Not so fast. Due diligence is something your business can be doing, too. Are you covering the basics?
Due diligence is about taking care and being cautious in doing business. It extends to how you manage your technology, too. This is vitally important when it comes to cybersecurity. You may think you’re immune to a data breach or cyberattack, but cybercriminals can target you regardless of business size or industry sector.
Depending on your industry, you may even have compliance or regulatory laws to follow. Some insurance providers also expect a certain level of security standards from you. The costs associated with these cyber incidents are increasing, too. Don’t leave your business vulnerable.
What is IT Due Diligence?
Cybersecurity due diligence requires attention to several areas. Several items are listed below that should be considered, and we recommend starting with a security risk assessment. You’ll learn of any security gaps and receive easy-to-follow recommendations to help you achieve due diligence.
Here are some topics to consider regarding IT due diligence:
- Do you have an up-to-date list of authorized devices and authorized software?
- Are you checking for vulnerabilities, as well as patching and remediating those vulnerabilities?
- What type of malware defense do you have in place?
- Application security – how are you protecting your systems and software from attack?
- Wireless devices with Wi-Fi network access – are employees able to connect over unsecured Wi-Fi?
- Are you testing your data recovery capabilities – backups and restoration?
- Do your employees have access to security skills assessment and training?
- Do you systematically change passwords on, and maintain secure configurations for, network hardware?
- Are you able to track and control the use of administrator privileges?
- Are you actively monitoring for network attacks?
- How is remote network access activity logged?
- Account monitoring and control – have you removed inactive accounts?
- Data loss prevention – are mobile storage media devices encrypted?
- Incident response and management – is there a written incident response plan?
- Do you require penetration testing?
Vendor Due Diligence
It will become more and more important to vet your contractors and vendors, especially if you work on any sort of government contract.