Cybersecurity Checklist for Staying Safe Online

For affiliate employees who work with computers on the job, staying safe online is a must. Every day, nearly 1,300 reports of cybercrime are filed with the FBI’s Internet Crime Complaint Center. Hackers want to access business computers to commit fraud, steal financial data and hold digital files for ransom.

Affiliates are most at risk of business email compromise (BEC) scams. About one in four small- to medium-sized businesses is affected. Cyber criminals can hack into systems, sneak in to harvest credentials or trick employees into letting them in (social engineering) with fake email requests (phishing). These cyber-attacks cost businesses more than $3.5 billion in 2019.

Review this cybersecurity checklist for staying safe online to make sure your affiliate is doing everything it can to minimize the risk of a hack.

Cybersecurity Checklist for Staying Safe Online

Policies and Procedures

Have a documented cybersecurity policy for the affiliate.
Ensure employees understand the cybersecurity policy and its importance.
Follow cybersecurity policy guidelines for all affiliate devices.
Have a documented policy for if and how employees can use their own devices for work.
Make sure employees understand and follow the policy for personal devices at work.

Facility Security

Restrict physical access to employee-only areas using swipe badges or locks.
Have a documented policy prohibiting propped open doors and unauthorized access.
Use a sign-in log for visitors and vendors needing access to employee-only areas.
Escort visitors and vendors in employee-only areas.

IT Protection

Grant each employee only the amount of network access needed to do their jobs.
Keep computer systems updated and patched each week.
Ensure updates and patches run automatically and can’t be overridden by employees.
Turn on Multi-Factor Authentication (MFA) for business email accounts.
Activate spam filters on all business email accounts.
Set up flagging alerts for external emails.
Use security software to scan incoming emails and downloaded files for threats.
Place restrictions on internet usage and prohibited domains.
Monitor affiliate social media accounts for any suspicious links or activity.
Remove or deactivate network services and webpages that are not in use.
Enable encryption for network traffic.
Perform data backups on a weekly basis.
Preserve and secure data backups.
Perform and document system firewall testing.

Password Safety

Require passwords with a mix of at least 8-12 numbers, letters and symbols.
Make sure passwords are kept confidential and not shared.
Prohibit recycling of old passwords within 90 days of use.
Ensure employees use MFA logins for all accounts where it is available.

Online Safety

Make employees feel important and included in protecting the affiliate’s digital assets.
Ensure employees understand what affiliate information is considered confidential.
Stress the importance of affiliate cybersecurity at all levels of the organization.
Train new hires on policies, social engineering hacks, fake email scams and phishing.
Conduct yearly refresher training on social engineering hacks, fake email scams and phishing.
Include cybersecurity refreshers in monthly reminders and trainings.
Test employee understanding of training and policy compliance with internal phishing exercises.
Share results of internal phishing exercises and train employees on any weaknesses.
Train employees to scrutinize email messages before opening or downloading attachments.
Prohibit employees from using personal email accounts on affiliate computers.

Financial Security

Have a documented wire transfer and payments policy for the affiliate.
Verify all payment requests, from both non-employees and internal parties, regardless of rank.
Review financial safety policies and procedures regularly in reminders and trainings.
Require greater involvement and seniority for payment approvals as dollar value increases.
Confirm the accuracy of vendor payment requests directly by a method other than email.
Check the initiation and authorization of payments verbally with the payment requester.
Ask banking partners to verbally confirm requests over a specified dollar amount.
Configure online bank safety features to restrict usage and require transaction approvals.
Have policies and procedures in place to handle any emergency or urgent payment needs.

The risk of a cybersecurity incident at your affiliate can be greatly reduced by implementing the items on this checklist. Determine what steps are already taken to protect computer systems and data, then identify others that need to be implemented. The right steps will help ensure hackers don’t cause problems for your affiliate.

By AffinityAdmin|2024-03-20T21:14:19+00:00November 17, 2021|Uncategorized|0 Comments

About the Author: AffinityAdmin

LOCKTON AFFINITY, LLC.

10895 Lowell Avenue, Suite 300 | Overland Park, KS 66210

(888) 553-9002 | HFHInsuranceService@LocktonAffinity.com

MAILING ADDRESS: PO Box 410679 | Kansas City, MO 64141

The Habitat for Humanity Affiliate Insurance Program is administered by Lockton Affinity, LLC d/b/a Lockton Affinity Insurance Brokers LLC in California #0795478. Coverage is subject to actual policy terms and conditions. Policy benefits are the sole responsibility of the issuing insurance company. Coverage may be provided by an excess/surplus lines insurer which is not licensed by or subject to the supervision of the insurance department of your state of residence. Policy coverage forms and rates may not be subject to regulation by the insurance department of your state of residence. Excess/Surplus lines insurers do not generally participate in state guaranty funds and therefore insureds are not protected by such funds in the event of the insurer’s insolvency. Habitat for Humanity will receive a royalty fee for the licensing of its name and trademarks as part of the insurance program offered to the extent permitted by applicable law.

Copyright © Lockton Companies. | Terms of Use | Privacy Policy | Compensation Disclosure