Think back to the last time you went to the doctor to get something checked out. You were experiencing some symptoms that led you to think that something might be wrong, so you made a trip to the doctor’s office to get a professional diagnosis.
Sometimes the symptoms can be easily treated with rest or medicine. Other times, the symptoms are indicative of a larger and more complex medical issue that requires a more robust treatment plan.
It’s important to periodically check yourself for new symptoms because sometimes early detection can mean the difference between life and death.
The same goes for the IT and security health of your organization. Without occasional health checks, you may be unaware of larger and more complex issues that may have dire implications.
To help you perform an occasional self-check on your organization’s IT and security health, we’ve compiled a list of questions you can ask to identify any symptoms and determine if there may be a larger issue that needs to be addressed.
- Have you experienced unexpected downtime of your core applications?
- How would you get your patients and clients access to their sensitive data if there were an extended power outage?
- Has the availability of your core applications been affected by a virus outbreak, phishing attack or malware download?
- Are your users often frustrated because of computer slowness?
- Has computer slowness ever disrupted or prohibited patient care or a client meeting?
- How many people handle the day-to-day IT operations for your organization? If the answer is “one,” what would happen if that person quit tomorrow or were otherwise unable to come into work?
- Is your server room secured? Do you have a list of people with authorized access?
- Do you have current BAAs (Business Associate Agreements) in place with all required parties?
- Do you have anti-virus software installed, and is it up to date?
- Is your staff required to use complex passwords? How often are they required to change them?
- Does anyone know your password?
- Could your receptionist access sensitive data in your core applications?
- Have you had a third-party IT and security risk assessment?
- Would your staff know what to do if they encountered malicious software?
- Do your users walk away from workstations without locking them?
- Have you defined “security” in your security policy?
- Do you have a named Security Officer?
- Do you have a named Compliance/Risk Officer?
Backups and Disaster Recovery
- Have you ever accidentally deleted something and been told it couldn’t be restored?
- Is your data stored off-site? Do you know where?
- Do you have an effective change management process in place?
- Have you replaced a copier in the last year? Was your IT department involved?
- Are all users required to complete Security Awareness Training? If yes, how often is it completed and when do new employees receive it?
- Have you defined “incident” in your incident response policy?
- Can you look at what changes were made to your IT environment in the last week? Do you know what changes are coming next week?
- Do you routinely meet with key IT vendors to do proactive planning, budgeting and coordination of efforts among all vendors?
- Do you review policies annually?
- Do you have the following policies in place, managed and updated?
  - Security Policy
  - Vendor Management/Third Party Policy
  - Password Policy
  - Teleworking Policy
  - Mobile Device Policy
  - Disaster Recovery Policy
  - Business Continuity Policy
Don’t jump to conclusions!
Your organization may be experiencing one (or a couple) of these symptoms, but it doesn’t necessarily indicate you have a larger problem. Sometimes you get a sore throat just from talking too much, not because you have strep throat. However, just like with your own personal health, if you identify some of these symptoms, invest the time to get a professional’s opinion.
You never know if that minor symptom might uncover a much larger disease.