Cybersecurity Checklist for Staying Safe Online

Posted on November 17, 2021 in Uncategorized


For affiliate employees who work with computers on the job, staying safe online is a must. Every day, nearly 1,300 reports of cybercrime are filed with the FBI’s Internet Crime Complaint Center. Hackers want to access business computers to commit fraud, steal financial data and hold digital files for ransom.

Affiliates are most at risk of business email compromise (BEC) scams. About one in four small- to medium-sized businesses is affected. Cyber criminals can hack into systems, sneak in to harvest credentials or trick employees into letting them in (social engineering) with fake email requests (phishing). These cyber-attacks cost businesses more than $3.5 billion in 2019.

Review this cybersecurity checklist for staying safe online to make sure your affiliate is doing everything it can to minimize the risk of a hack.

Cybersecurity Checklist for Staying Safe Online

Policies and Procedures

  • Have a documented cybersecurity policy for the affiliate.
  • Ensure employees understand the cybersecurity policy and its importance.
  • Follow cybersecurity policy guidelines for all affiliate devices.
  • Have a documented policy for if and how employees can use their own devices for work.
  • Make sure employees understand and follow the policy for personal devices at work.

Facility Security

  • Restrict physical access to employee-only areas using swipe badges or locks.
  • Have a documented policy prohibiting propped-open doors and unauthorized access.
  • Use a sign-in log for visitors and vendors needing access to employee-only areas.
  • Escort visitors and vendors in employee-only areas.

IT Protection

  • Grant each employee only the network access needed to do their job.
  • Keep computer systems updated and patched each week.
  • Ensure updates and patches run automatically and can’t be overridden by employees.
  • Turn on Multi-Factor Authentication (MFA) for business email accounts.
  • Activate spam filters on all business email accounts.
  • Set up flagging alerts for external emails.
  • Use security software to scan incoming emails and downloaded files for threats.
  • Place restrictions on internet usage and prohibited domains.
  • Monitor affiliate social media accounts for any suspicious links or activity.
  • Remove or deactivate network services and webpages that are not in use.
  • Enable encryption for network traffic.
  • Perform data backups on a weekly basis.
  • Preserve and secure data backups.
  • Perform and document system firewall testing.

Password Safety

  • Require passwords of at least 8-12 characters that mix numbers, letters and symbols.
  • Make sure passwords are kept confidential and not shared.
  • Prohibit recycling of old passwords within 90 days of use.
  • Ensure employees use MFA logins for all accounts where it is available.

Online Safety

  • Make employees feel important and included in protecting the affiliate’s digital assets.
  • Ensure employees understand what affiliate information is considered confidential.
  • Stress the importance of affiliate cybersecurity at all levels of the organization.
  • Train new hires on policies, social engineering hacks, fake email scams and phishing.
  • Conduct yearly refresher training on social engineering hacks, fake email scams and phishing.
  • Include cybersecurity refreshers in monthly reminders and trainings.
  • Test employee understanding of training and policy compliance with internal phishing exercises.
  • Share results of internal phishing exercises and train employees on any weaknesses.
  • Train employees to scrutinize email messages before opening or downloading attachments.
  • Prohibit employees from using personal email accounts on affiliate computers.

Financial Security

  • Have a documented wire transfer and payments policy for the affiliate.
  • Verify all payment requests, from both non-employees and internal parties, regardless of rank.
  • Review financial safety policies and procedures regularly in reminders and trainings.
  • Require greater involvement and seniority for payment approvals as dollar value increases.
  • Confirm the accuracy of vendor payment requests directly by a method other than email.
  • Check the initiation and authorization of payments verbally with the payment requester.
  • Ask banking partners to verbally confirm requests over a specified dollar amount.
  • Configure online bank safety features to restrict usage and require transaction approvals.
  • Have policies and procedures in place to handle any emergency or urgent payment needs.

The risk of a cybersecurity incident at your affiliate can be greatly reduced by implementing the items on this checklist. Determine what steps are already taken to protect computer systems and data, then identify others that need to be implemented. The right steps will help ensure hackers don’t cause problems for your affiliate.

