Cyber or Network Security Risk is fast becoming one of the key risks businesses must address.

With the ever-increasing exposures in information security, it’s crucial to ensure that your organisation’s systems are protected from both human error and malicious attacks on sensitive information, whether that is your organisation’s intellectual property or sensitive information about individuals, including your employees.

The checklist will guide you in determining your organisation’s current position on cyber risk management. The checklist will also provide useful insight into cyber risk and ways to manage it.

Attention Directors

Network security and cyber risk management are no longer limited to the domain of each organisation’s IT department; strategic direction needs to come from the top, through senior management and executive decision-makers.

Are you aware that failure to properly prepare for and prevent a network security breach could be deemed a breach of your duties as a director and possibly lead to a Directors & Officers Liability claim or other civil liability claims against the organisation?

Read below to complete the checklist and determine your level of protection.

Understand your Cyber Risk

  1. Are you aware of the impact and possible cost of a cyber/data breach on your organisation and how you would respond?
  2. Do you know the biggest cyber risks faced by your industry?
  3. Are you aware of the changes to legislation regarding mandatory notification of data/network breaches and whether these impact your business?
  4. Can you easily determine what information about your business is currently in the public domain and how this affects your risk profile?
  5. Can you identify what information/data within your organisation might be targeted by cyber criminals and why?
  6. Does your business collect and store personally identifiable information? How many records are kept, and is the information shared with third parties?

Cyber Risk Strategy: Important for Directors

  1. Are you aware of your directors’ obligations with respect to protection of your network data and notification of breaches or suspected breaches?
  2. Is network security integrated into your corporate risk management framework?
    • Do you have a disaster recovery/incident response plan?
    • Are security policies enforced and updated, and do they match your business size?
    • Is data ownership established and is it classified by its usage and sensitivity?
    • Do you have a computer software and hardware asset inventory list?
  3. Are there written and implemented policies and procedures around privacy, handling sensitive information, usage of internet, email, portable devices, remote working, passwords, making payments?
  4. What is your review/audit process to ensure compliance with cyber risk policies and procedures?
  5. Is there adequate training in place to educate staff on cyber risk, privacy obligations, compliance with company policies and procedures, identification of suspicious activity and how to report it?
  6. Does the organisation hold a Cyber Liability insurance policy as part of its risk management?
Network Security Infrastructure: How resilient is your organisation?

  1. IT Department
    • Do you outsource your IT? Fully or partially? Does this include your IT security?
    • Have you ever performed security penetration testing of your network to identify vulnerabilities?
    • Is all software updated when required? Is anti-virus software active for all users?
    • Are you ensuring the physical security of systems and facilities?
    • Are file logs reviewed, and are system backups verified with periodic data restores?
    • Are issues, risks and potential breaches reported internally? Is there a procedure for this?