img

Continued...

Do you delete inactive users?- Users that no longer work for the business should be deleted. This will reduce the access points for a hacker. Thus, making it harder to get in.

Have you deleted data that is no longer relevant?- All data that a business should hold should be useful or required by law all other data beyond this should be deleted from your system. This will reduce the risk of the business as the less data they hold the easier it is to secure. This will also mean that should a breach occur you don’t have to worry that data has been stolen that you had forgotten about and as a result notification costs will fall as well as remediation costs.

Can you tell them where your data is?- You should know where your data is stored and where you keep your records. This will allow you to protect these places and improve security should it be needed.

img
img
img

 

How often do you Change passwords?- All users should be prompted to change their passwords monthly. This will reduce the opportunity that a hacker has to enter the network. Users should also keep their passwords private and not divulge their passwords to any other employee’s.

Is there a plan?- Insurers prefer it if you have a plan in place. Its uncommon that business have developed a plan often because it’s something that they have never considered. A plan will include the necessary actions and procedures that you have in place should a breach occur. This may include how you will notify the necessary parties and businesses that you may call in order to rectify the situation.