Cybersecurity Checklist: Business Action Items

This section provides a thorough (although not all-inclusive or exhaustive) checklist of action items within the three categories of Incident Management (Planning, Preparation, and Prevention; Response; Recovery). Take the items that apply to your industry sector and particular business situation and incorporate them into your Incident Response Plan, adding any other specific actions your business or industry should take that may not be listed here. If you don't yet have an Incident Response Plan, Securing Our ecity will be offering free templates for SMBs and others to use and customize for your business. Also refer to the list of resources in the next section for information about Incident Management planning, response, and recovery standards and procedures.

Bringing IT Home Checklist Action Items
Planning, Preparation, and Prevention Actions

- Identify and track all critical business systems and processes that may be susceptible to compromise, including accounting, human resources, material handling, production, packaging, inventory, transportation, warehousing, scheduling, customer service/support, etc.
- Maintain an accessible hardcopy list of applicable contacts and alternates for key customers, partners, shipping and related services, including alternate methods of communication.
- Create a Business Operations Plan, to include:
  - Standard business procedures for normal operations, including how to maintain and secure digital business information, and how any automated business processes should function.
  - Alternate business procedures for atypical operations, including the use of paper-based or other non-automated processes and how to ensure necessary security of confidential or sensitive information.
- Establish criteria for selecting IT Service Providers; prefer those that follow international or national standards (e.g., ITIL, ISO/IEC, NIST).
- Develop a Security Plan for manual, physical security measures to replace automated ones.
- Ensure compliance knowledge for Sarbanes-Oxley (SOX), HIPAA, FISMA, and other applicable laws or regulations.
- Develop a Disaster Recovery Plan and Business Continuity Plan (also called a Continuity of Operations Plan or COOP), together referred to as a DR/BC Plan, taking into account the following:
  - Coordinate emergency plans with suppliers and primary customers.
  - Plan for manual or alternative business operations.
  - Plan for local emergency power generation, if necessary.
  - Plan for emergency fuel supplies (onsite storage or delivered).
  - Use an Uninterruptible Power Supply (UPS) with battery backup for all IT equipment.
  - Plan for how to conduct offline financial transactions (e.g., cash); coordinate a plan in advance with your financial institution.
  - Develop written procedures for system shutdown, lock-out, and restart.
  - Plan for retrieving and restoring backup data.
  - Plan for moving business operations to an alternate facility/site.
- Educate staff on the Business Operations Plan and DR/BC Plan, as well as policies and procedures related to protection of company assets (including data) and general cyber security practices:
  - Conduct training quarterly, semi-annually, or as needed.
  - Assess whether the training was effective (did staff actually understand it?).
  - Use practice situations, drills, exercises, etc. as a form of training.
- Develop acceptable-use cyber policies covering Internet access, blocked websites, social media, etc.:
  - Define permissible online activities, as well as prohibited ones.
  - Ensure employees are trained on the policy and sign an acknowledgement (possibly annually).
- Implement cybersecurity best practices:
  - Back up business data (daily incremental / weekly full) onto encrypted media and store copies offsite; periodically test that the backups can actually be restored.
  - Keep all systems updated with anti-virus and anti-malware security software, including automated patches and updates.
  - Keep all computer operating systems updated with current security patches.
  - Secure wireless networks with strong passwords (remove factory defaults) and hide the broadcast identifier (SSID) to reduce drive-by attacks. Note that hiding the SSID only deters casual discovery; the network is still visible to anyone with a wireless scanner, so the real protection is WPA2 or WPA3 encryption with a strong passphrase, together with changing the router's default administrator credentials.
  - Have IT staff enable and monitor system and network audit logging; forward logs to a separate system so that an intruder on a compromised host cannot simply delete them.
  - Ensure compliance with all relevant regulatory requirements (e.g., FISMA/FIPS).
  - Limit direct access to client records to only those who need it.
  - Implement Internet traffic monitoring and filtering (block unwanted sites).
  - Train employees in cybersecurity and proper use of business systems.
  - Keep customer/client data stored separately from any public-access website.
  - Keep a paper backup copy of client records (safely and securely stored).
- Develop a Computer Security Incident Response Plan:
  - Maintain an inventory of computer assets (hardware and software).
  - Maintain a list of IT service providers and emergency contact information.
  - Create a checklist of specific actions to take in the event of a cyber incident (often in the form of a decision tree, so that particular actions depend on the nature and extent of a potential incident).
  - Define and establish priority notification of employees.
  - Define and establish priority notification of customers/clients, as deemed necessary and at the appropriate time.
  - Define other notifications (e.g., law enforcement).
  - Account for regulatory compliance (as required).
  - Conduct refresher training on emergency procedures (at least annually).
- Have a manual (non-electric) safe or locking fireproof cabinet for secure storage of paper or other non-digital materials.
- Incorporate alternative energy sources when feasible (e.g., active solar, gas/diesel/propane powered generators).
- Plan for conducting manual financial transactions; keep emergency cash in a secure place.
- Plan for a potential barter system to obtain food and other essentials (for long-term disaster situations).
- Know where to go to obtain cash.
- Plan for alternative modes of transportation.
- Plan and pre-arrange alternative ordering methods with current suppliers.
- Plan alternatives for food preservation, preparation, and distribution.
- Plan alternative methods for obtaining fuel and supplies.
- Coordinate alternative delivery plans with suppliers and customers to minimize losses.
- Plan to ensure security of emergency cash and credit/debit cards.
- Plan how to protect valuables.

Response Actions

- Identify impacted/compromised systems and assess damage.
- Implement cyber incident response plan actions (emergency/contingency plans) to minimize losses.
- Preserve evidence while disconnecting/segregating affected systems. Where possible, unplug the network cable or disable the network interface rather than powering the machine off, so that volatile evidence (memory contents, active connections, running processes) can still be captured before shutdown.
- Obtain system configuration, network, and intrusion detection logs. Note any configuration changes (before and after the incident).
- Preserve hard drive(s) from compromised systems, if possible; record a cryptographic hash of any disk image at the time it is taken so that its integrity can be demonstrated later.
- Notify appropriate authorities and request assistance, if necessary.
- Reduce damage by removing (disconnecting) affected computers.
- Implement manual tracking and controls.
- Coordinate with suppliers and customers for long-term needs.
- Implement alternate delivery methods with suppliers and customers.
- Plan for alternative modes of transportation.
- Know where to go and how to carry out cash or barter transactions for transportation.
- Minimize travel until services are restored.
- Ensure security of emergency cash and credit/debit cards.
- Protect valuables (the company's, and also employees' or customers').
- Coordinate with others in the immediate area and (if possible) peer businesses; share information and resources, as appropriate.
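The evidence-preservation steps above (obtain logs, note configuration changes before and after, preserve drives) only hold up later if you can show that nothing was altered after collection. The following Python script is an added example and is not part of the checklist or of Securing Our ecity's materials: it hashes each collected artifact into a JSON manifest that records who collected it and when, re-verifies the manifest on demand, and produces a unified diff of a configuration file's before and after copies. The log line, configuration contents, case identifier and collector address are constructed sample data; only the standard library is used.

```python
"""Evidence capture helper: hash artifacts into a manifest, verify them later,
and record configuration drift between a known-good and post-incident copy.
Added example (standard library only); all sample data below is constructed."""
import difflib
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # hash in 1 MiB blocks so large disk images need little memory


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(paths, collector, case_id):
    """Record what was collected, by whom, when, and each file's hash at that moment."""
    entries = []
    for p in sorted(paths):
        st = os.stat(p)
        entries.append({
            "path": os.path.abspath(p),
            "size": st.st_size,
            "mtime_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
            "sha256": sha256_file(p),
        })
    return {
        "case_id": case_id,
        "collector": collector,
        "collected_utc": datetime.now(timezone.utc).isoformat(),
        "artifacts": entries,
    }


def verify_manifest(manifest):
    """Re-hash every artifact; return the paths that are missing or no longer match."""
    return [e["path"] for e in manifest["artifacts"]
            if not os.path.exists(e["path"]) or sha256_file(e["path"]) != e["sha256"]]


def config_diff(before_text, after_text, label="config"):
    """Unified diff of a configuration file as it was before and after the incident."""
    return "".join(difflib.unified_diff(
        before_text.splitlines(keepends=True), after_text.splitlines(keepends=True),
        fromfile=label + " (before)", tofile=label + " (after)"))


def demo():
    """Constructed scenario: one auth log and a service config whose access rule was widened."""
    d = tempfile.mkdtemp()
    log = os.path.join(d, "auth.log")
    with open(log, "w") as f:  # constructed log line; 203.0.113.5 is a documentation address
        f.write("Jan 01 03:12:07 host sshd[4242]: Accepted password for admin from 203.0.113.5\n")
    cfg_before = "listen 443\nallow 10.0.0.0/8\ndeny all\n"                  # known-good baseline
    cfg_after = "listen 443\nallow 10.0.0.0/8\nallow 0.0.0.0/0\ndeny all\n"  # as found post-incident
    cfg = os.path.join(d, "service.conf")
    with open(cfg, "w") as f:
        f.write(cfg_after)
    manifest = build_manifest([log, cfg], collector="analyst@example.com", case_id="CASE-0001")
    with open(os.path.join(d, "manifest.json"), "w") as f:
        json.dump(manifest, f, indent=2)
    untouched = verify_manifest(manifest) == []
    # Simulate someone appending to the log after collection: verification must flag it.
    with open(log, "a") as f:
        f.write("Jan 01 03:15:00 host sshd[4242]: session closed\n")
    tampered = [os.path.basename(p) for p in verify_manifest(manifest)]
    diff = config_diff(cfg_before, cfg_after, "service.conf")
    added = [l[1:].rstrip("\n") for l in diff.splitlines(keepends=True)
             if l.startswith("+") and not l.startswith("+++")]
    return {"untouched": untouched, "tampered": tampered, "added_lines": added}
```

The manifest itself should be copied to write-once or offline storage as soon as it is written; a hash list that lives next to the evidence it protects can be edited by the same intruder.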
Recovery Actions

- Make checkpoints (also called "recovery points") frequently, and take actions to restore systems to normal configurations.
- Use backup data to restore systems to the last known clean status; verify the restored data against the integrity records kept with the backup before returning the system to service.
- Store backups in a physically and environmentally secured location (onsite or offsite, or both).
- Update restored systems with current data (from manual transactions).
- Create a new clean backup after data has been updated.
- Continue manual or alternate operations processes/procedures until the emergency, disaster, or cyber incident is declared over and business is allowed to return to normal operations.
- Re-establish ordering and shipping processes, as necessary and available.
- Coordinate with others (suppliers, partners, distributors, and customers); share information and resources, as appropriate.
- Re-establish business operations when feasible; bring up critical systems and operations first.
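The backup item under Planning (daily incremental / weekly full, stored encrypted and offsite) and the recovery items above (restore to the last known clean status, then create a new clean backup) are really one procedure. The Python below is an added example, not code from the checklist or from Securing Our ecity: it writes a full archive, then incrementals containing only files whose SHA-256 changed, keeps a manifest of the complete expected state beside each archive, and restores by replaying the chain only up to the last archive known to be clean, verifying every restored file against that manifest. Encrypting the archives before they leave for offsite media is assumed to be done with an external tool such as gpg or age and is not shown. The directory layout, file names and the intruder's edit are a constructed scenario.

```python
"""Full/incremental backup with an integrity manifest, and a restore that replays
the chain up to a chosen point and verifies every file. Added example, stdlib only;
encryption of the archives is left to an external tool (assumption, not shown)."""
import hashlib
import json
import os
import tarfile
import tempfile


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map every regular file under root (relative, '/'-separated) to its SHA-256."""
    state = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            state[os.path.relpath(full, root).replace(os.sep, "/")] = _sha256(full)
    return state


def backup(root, archive_path, previous_state=None):
    """Full backup when previous_state is None, otherwise an incremental holding only
    files whose hash changed. The manifest beside the archive records the complete
    expected state after applying it and which files were deleted."""
    current = snapshot(root)
    prev = previous_state or {}
    changed = sorted(p for p, h in current.items() if prev.get(p) != h)
    deleted = sorted(p for p in prev if p not in current)
    with tarfile.open(archive_path, "w:gz") as tar:
        for rel in changed:
            tar.add(os.path.join(root, rel), arcname=rel)
    manifest = {"kind": "full" if previous_state is None else "incremental",
                "archive": os.path.basename(archive_path),
                "contains": changed, "deleted": deleted, "state": current}
    with open(archive_path + ".manifest.json", "w") as f:
        json.dump(manifest, f, indent=2)
    return manifest


def _safe_extract(archive_path, target):
    """Extract regular files only, refusing absolute paths and '..' components
    so a tampered archive cannot write outside the restore directory."""
    with tarfile.open(archive_path, "r:gz") as tar:
        for m in tar.getmembers():
            if not m.isfile():
                continue
            parts = m.name.split("/")
            if m.name.startswith("/") or ".." in parts:
                raise ValueError("unsafe path in archive: " + m.name)
            dest = os.path.join(target, *parts)
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            with tar.extractfile(m) as src, open(dest, "wb") as dst:
                dst.write(src.read())


def restore(full_archive, incremental_archives, target):
    """Apply the full backup, then each incremental in order (pruning files the
    manifest says were deleted), then verify against the last manifest applied.
    Returns the relative paths whose content does not match (empty means clean)."""
    manifest = None
    for archive in [full_archive] + list(incremental_archives):
        _safe_extract(archive, target)
        with open(archive + ".manifest.json") as f:
            manifest = json.load(f)
        for rel in manifest["deleted"]:
            victim = os.path.join(target, *rel.split("/"))
            if os.path.exists(victim):
                os.remove(victim)
    restored = snapshot(target)
    return sorted(p for p, h in manifest["state"].items() if restored.get(p) != h)


def demo():
    """Constructed scenario: weekly full, two daily incrementals; the second one
    captured a file an intruder altered, so we restore only through the first."""
    work = tempfile.mkdtemp()
    data, vault, out = (os.path.join(work, n) for n in ("data", "vault", "restored"))
    os.makedirs(os.path.join(data, "ledger")); os.makedirs(vault)

    def put(rel, text):
        with open(os.path.join(data, rel), "w") as f:
            f.write(text)
    put("ledger/invoices.csv", "id,amount\n1,100\n")
    put("customers.txt", "acme\n")
    full = backup(data, os.path.join(vault, "week1-full.tar.gz"))
    put("ledger/invoices.csv", "id,amount\n1,100\n2,250\n")      # legitimate daily update
    os.remove(os.path.join(data, "customers.txt"))                # legitimately deleted
    inc1 = backup(data, os.path.join(vault, "day1-inc.tar.gz"), full["state"])
    put("ledger/invoices.csv", "id,amount\n1,100\n2,250\n3,999999\n")  # intruder's edit
    inc2 = backup(data, os.path.join(vault, "day2-inc.tar.gz"), inc1["state"])
    mismatches = restore(os.path.join(vault, "week1-full.tar.gz"),
                         [os.path.join(vault, "day1-inc.tar.gz")], out)
    with open(os.path.join(out, "ledger", "invoices.csv")) as f:
        invoices = f.read()
    return {"inc1_contains": inc1["contains"], "inc1_deleted": inc1["deleted"],
            "inc2_contains": inc2["contains"], "mismatches": mismatches,
            "restored_invoices": invoices,
            "customers_present": os.path.exists(os.path.join(out, "customers.txt"))}
```

Deciding which archive is the last clean one is the forensic question the Response section's evidence helps answer; once the restore verifies clean and manual transactions have been re-entered, run a fresh full backup so the next incremental chain starts from a trusted base.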