Q: Is There A Cybersecurity Checklist That Is Practical for Our Small Firm?
A: Check out the GCA Cybersecurity Toolkit for Small Business from the Global Cyber Alliance (GCA).
The Global Cyber Alliance is a nonprofit organization dedicated to making the Internet a safer place. The founding members are the Manhattan District Attorney’s Office, the City of London Police, and the Center for Internet Security.
Streamlined for small businesses, the Cybersecurity Toolkit gives practical advice and how-tos you can follow to reduce your risks. You don’t need to be a technological whiz to use the tools. With cybercrime against small firms on the rise, it’s well worth your while to improve your protection.
The Cybersecurity Toolkit offers these advantages:
- Recommendations are less time-consuming than typical checklists and plans.
- It covers good, free tools you can use right away.
- The purpose of each tool is explained in brief, comprehensible language.
- The toolkit website navigation is well-organized, supporting step-by-step actions.
- Each tool has an estimate of the time you’ll need to use it, typically 15 minutes.
The tools are collected on a webpage divided into six main topics: (1) Know What You Have, (2) Update Your Defenses, (3) Beyond Simple Passwords, (4) Prevent Phishing and Malware, (5) Backup and Recover, and (6) Protect Your Email and Reputation.
Each of these main topics is expanded into subtopics. For example, the third topic, Beyond Simple Passwords, contains the subtopics Strong Passwords, Tools for 2FA, and Manage Your Passwords.
An example of one of the tools recommended by GCA is Fing, an application that lists an inventory of all the wired and wireless devices connected to your office network. The free version is ad-free with a good subset of comprehensive features. An inventory of your devices is important so that you can keep them all protected with security releases and upgrades.
A missing tool in the Cybersecurity Toolkit is one that lists all the software installed on your computers. Instead, it offers an Excel spreadsheet template that requires you to manually collect the installed software programs and list them in the spreadsheet rows. It estimates the required time at four hours. Forget about that!
Let me suggest a free software inventory program from a trusted source that identifies and lists your software for you. It requires no installation. Run UninstallView from NirSoft.com on each of your PCs to get a list of all the installed programs for each computer.
UninstallView is designed to allow quick uninstallation of any application, but it serves very well as an inventory utility. To use it:
- Copy three files out of the downloaded Zip file to a folder on the C: drive.
- Double-click on UninstallView.exe.
- Click on the column heading for Install Location to sort the programs by folder.
- Review the programs in the C:\Program Files (x86) and C:\Program Files folders for any that should not be there.
- You can uninstall unwanted programs easily, but be sure you know what you are doing so that you don’t break Microsoft Windows!
You can seriously reduce your risks by implementing the recommendations of the Cybersecurity Toolkit for Small Business. You would also be wise to work with a trusted cybersecurity expert who has small-firm experience. Their work can be less involved and less expensive when you already have a good checklist and have many of the basics covered.
Techie: Wells H. Anderson, JD, GPSolo eReport Contributing Technology Editor and CEO of SecureMyFirm, 952/922-1120, www.securemyfirm.com—we protect small firms from cyber threats with affordable, multiple layers of defense.