- All machines that have important data or are connected to a network are password protected?
- All machines that have important data can only be accessed by employees who have a business need to access the data?
- All machines that have important data or are connected to a network reside behind a corporate firewall? The firewall software must be configured to receive regular security updates.
- Computer operating systems have all current updates and patches on all devices?
- Antivirus software is fully up-to-date on all machines? Scans should be run on a regular basis—at least once a week.
- Data encryption is in place on all devices that store sensitive information?
- Electronic data is automatically backed up and can be restored in the event of human error, system failure or natural disaster?
- You and your employees know how to recognize — and avoid — phishing emails that may enter via business or personal email accounts?
- Controls are in place for third parties, such as consultants and independent sales representatives, requiring them to safeguard sensitive data?
- Malware protections are in place against threats that may try to enter via:
  - Business email accounts?
  - The Internet (i.e., web browsers, web-based email)?
- Portable storage devices (e.g., USB sticks, iPods) cannot be connected to endpoint machines and used to download sensitive data without authorization?