For affiliate employees who work with computers on the job, staying safe online is a must. Every day, nearly 1,300 reports of cybercrime are filed with the FBI’s Internet Crime Complaint Center. Hackers want to access business computers to commit fraud, steal financial data and hold digital files for ransom.
Affiliates are most at risk of business email compromise (BEC) scams. About one in four small- to medium-sized businesses is affected. Cybercriminals can break into systems directly, sneak in to harvest credentials, or trick employees into letting them in (social engineering) with fake email requests (phishing). These cyber-attacks cost businesses more than $3.5 billion in 2019.
Review this cybersecurity checklist for staying safe online to make sure your affiliate is doing everything it can to minimize the risk of a hack.
Cybersecurity Checklist for Staying Safe Online
Policies and Procedures
- Have a documented cybersecurity policy for the affiliate.
- Ensure employees understand the cybersecurity policy and its importance.
- Follow cybersecurity policy guidelines for all affiliate devices.
- Have a documented policy on whether and how employees can use their own devices for work.
- Make sure employees understand and follow the policy for personal devices at work.
- Restrict physical access to employee-only areas using swipe badges or locks.
- Have a documented policy prohibiting propped open doors and unauthorized access.
- Use a sign-in log for visitors and vendors needing access to employee-only areas.
- Escort visitors and vendors in employee-only areas.
- Grant each employee only the amount of network access needed to do their jobs.
- Keep computer systems updated and patched each week.
- Ensure updates and patches run automatically and can’t be overridden by employees.
- Turn on Multi-Factor Authentication (MFA) for business email accounts.
- Activate spam filters on all business email accounts.
- Set up flagging alerts for external emails.
- Use security software to scan incoming emails and downloaded files for threats.
- Place restrictions on internet usage and prohibited domains.
- Monitor affiliate social media accounts for any suspicious links or activity.
- Remove or deactivate network services and webpages that are not in use.
- Enable encryption for network traffic.
- Perform data backups on a weekly basis.
- Preserve and secure data backups.
- Perform and document system firewall testing.
- Require passwords of at least 8-12 characters that mix numbers, letters and symbols.
- Make sure passwords are kept confidential and not shared.
- Prohibit recycling of old passwords within 90 days of use.
- Ensure employees use MFA logins for all accounts where it is available.
- Make employees feel important and included in protecting the affiliate’s digital assets.
- Ensure employees understand what affiliate information is considered confidential.
- Stress the importance of affiliate cybersecurity at all levels of the organization.
- Train new hires on policies, social engineering hacks, fake email scams and phishing.
- Conduct yearly refresher training on social engineering hacks, fake email scams and phishing.
- Include cybersecurity refreshers in monthly reminders and trainings.
- Test employee understanding of training and policy compliance with internal phishing exercises.
- Share results of internal phishing exercises and train employees on any weaknesses.
- Train employees to scrutinize email messages before opening or downloading attachments.
- Prohibit employees from using personal email accounts on affiliate computers.
- Have a documented wire transfer and payments policy for the affiliate.
- Verify all payment requests, whether they come from outside parties or from internal staff, regardless of the requester's rank.
- Review financial safety policies and procedures regularly in reminders and trainings.
- Require greater involvement and seniority for payment approvals as dollar value increases.
- Confirm the accuracy of vendor payment requests directly by a method other than email.
- Check the initiation and authorization of payments verbally with the payment requester.
- Ask banking partners to verbally confirm requests over a specified dollar amount.
- Configure online bank safety features to restrict usage and require transaction approvals.
- Have policies and procedures in place to handle any emergency or urgent payment needs.
The risk of a cybersecurity incident at your affiliate can be greatly reduced by implementing the items on this checklist. Determine what steps are already taken to protect computer systems and data, then identify others that need to be implemented. The right steps will help ensure hackers don’t cause problems for your affiliate.