The Essential Security Risk Assessment Checklist to Improve Your Online Protection
Does your protection include these basic and must-have security measures?
It’s great that you’re on this blog, reading about cyber security and what you can do to improve your protection from hacker attacks. And we also know you’re probably incredibly busy, as everyone else is, and have little to no time to apply all the good advice you read.
This is why we thought you could use a starting point, a guide you can use to do a personal security risk assessment, so you can then take the necessary actions to improve your protection from cyber attacks.
In order for your data to be secure, it has to satisfy three important factors. We want our information to:
- be read by only the right people (confidentiality)
- only be changed by authorized people or processes (integrity)
- be available to read and use whenever we want (availability).
When going through the questions below and answering them honestly (no grades will be given), keep in mind these three principles. This security risk assessment is not a test, but rather a set of questions designed to help you evaluate where you stand in terms of personal information security and what you could improve.
Answer these 11 questions honestly:
1. What type of information do you have stored on your computer (pictures, work documents, applications, passwords, etc.)?
It will be really useful to make a list of the different types of information you have stored:
- Locally, on your computer
- Online, in different apps (cloud-based or not) and on various websites.
Do you have personal emails, work documents, confidential corporate data, photos and videos of your family or personal information, such as banking credentials or passwords?
2. Which online services do you use more often?
Think of the online services you use on a daily or weekly basis. You could list:
- Online shopping
- Social networking
- Online banking
- News websites
- Download portals
- Chat applications, etc.
3. Once you’ve made this list, define how valuable each asset is to you.
You can use three degrees of importance: “low”, “medium” and “high”. Define this value based on the potential cost (financial, reputational or emotional) of an unauthorized person gaining access to that piece of information or service.
- Online banking password – high value
- Playlist stored on your music streaming service – low value.
4. How do you keep your sensitive information safe?
As part of your security risk assessment, make a list of the security measures you take to protect each of the assets that are of high value to you. Here are some key things to check:
- Do you use strong passwords?
- Do you use passwords for both online applications and your devices?
- Do you use two-step authentication, where available?
- Have you set security questions for the services that have this option?
- Do you have your email accounts connected, so you can regain access to one of them if anything happens?
- Did you list your phone number, where possible, to receive alerts for security problems?
5. What kind of security are you using?
Do you have an antivirus solution installed? Do you update it regularly? And, most of all, do you know that antivirus is not enough?
In order to understand why antivirus is not enough, you’ll need to learn about the difference between an antivirus and an anti-spyware product. To put it briefly:
- When you’re already infected, antivirus programs detect if a virus is on your PC and they remove it.
- But what you need is not to get infected in the first place.
- So that’s why you need a tool that can work proactively to detect and block malware.
- Another layer of protection you could use is a firewall and even an encryption application that can ensure that your data won’t be accessed in case your gadgets are stolen.
Before choosing any cyber security product, make sure to do some research and learn about what the product offers, check AV testing websites (AV Test, AV Comparatives, Virus Bulletin, PC Mag) and other reviews that compare options, so that you can make the best choice for you.
6. What security software are you using against financial and data stealing malware?
Cyber attacks directed at collecting financial information and leaking confidential data are increasing in numbers and severity. This is why, in order to conduct online transactions with peace of mind, browse the web securely and keep your private information secure, you’ll need a dedicated product.
In order to get protection against financial malware, the solution you need should:
- include a real-time Internet traffic scanner that scans all incoming network data for malware and blocks any threats it comes across
- be able to provide malware detection and removal of malicious software that has already been installed onto a computer
- have a website security scanner feature that checks the website you want to visit, detects malware and blocks it.
Notorious and advanced malware, such as Zeus GameOver (P2P), Cryptowall, CTB Locker, Hesperbot and more, are responsible for causing terrible financial losses for those who get infected. And what makes them even more dangerous is the fact that they constantly transform, thus going undetected by antivirus products. This is exactly why you need an additional layer of protection – a first line of defense. And you could also find this financial security guide helpful.
7. Are you using a back-up solution for your operating system or for your vital information?
Keeping your data backed up is crucial for your cyber security plan. Evaluate your options: would you rather use an external drive or a cloud-based solution? Weigh the pros and cons of each, but be sure to keep the essential information you deem valuable safe.
Back up your data regularly so you don't lose important progress you've made. There's even a World Backup Day celebration happening on March 31 to help you remember!
8. How do you protect your shared documents (e.g. Google Docs) or gadgets (computer, tablet, etc.)?
Do any other people use your gadgets? Have you set up guest accounts for them or do they have access to the administrator account? Do you have kids that use your gadgets (and have you taught them about information security)?
I know this seems like a lot of questions, but the human factor is the most common cause of cyber attacks, because hackers know how to manipulate and trick vulnerable people into revealing information or installing malicious software.
Also, keeping a back-up of shared documents and files could save you the trouble of having to do the work all over again if someone should delete or modify those files. When possible, be sure to offer view-only permission and regularly check who has access to confidential information (after a colleague’s departure from the company, after a break-up with a spouse or boyfriend/girlfriend, etc.).
Maintain a vigilant attitude and, to the extent that you can, share what you've learnt from this security risk assessment with those around you, especially with the people you share gadgets, accounts or cloud-stored documents with.
9. How do you manage your passwords?
You’ve probably accumulated plenty of passwords by now, which is what makes it so difficult to manage them. You may be tempted to use the same password more than once and make it easy to remember, but, by all means, NEVER do that!
The safest way to manage your passwords is to use a password manager application, like LastPass. You should use a generator to create long, complicated passwords and store them in LastPass, and NEVER, EVER store them in your browser.
This is especially recommended if you’re using your personal device at work. Don’t forget to password-protect your devices as well, and remember to log off each time you leave them unattended.
It may take a bit to set things up at first, but, when you’re done, you’ll have more peace of mind and have a simpler way to manage your passwords.
10. Do you regularly update the software you use?
Do you have Oracle Java, Adobe Reader or Adobe Flash on your computer? We know that the answer is “yes” in 99% of the cases. It’s essential to know that these types of software are notorious for their vulnerabilities, if left outdated.
It is absolutely necessary to keep them up to date to close any security holes. But it's not at all convenient to receive those update requests every day, so we recommend a hassle-free option: a solution that automatically updates and patches these vulnerable software types for you. It usually works silently, in the background, so you won't even know it's there.
Also, each time you reinstall your Windows operating system, make sure to take the appropriate steps to ensure its (and your) protection.
11. Can you identify the main types of cyber attacks?
Another essential ability to teach yourself is to be able to recognize a potential threat or attack. You need to be able to differentiate between spam, phishing attacks, malware, etc. so you can prevent a virus from penetrating the system and leaking data to hacker-controlled servers.
Here are some of the malware types you should read more about:
- Infectious malware (viruses, computer worms)
- Concealment malware (Trojans, backdoors, rootkits, clickjacking, etc.)
- Malware for profit (privacy-invasive software, adware, spyware, botnet, keystroke logging, web threats, malbot, scareware, ransomware, etc.)
The key to preventing major data leakage and minimizing the consequences of a cyber attack is to be able to detect it and know what to do about it. You can become an important asset to your own cyber security defenses if you can learn about cyber security threats and get adequate protection.
It’s recommended to use products that can monitor your Internet traffic, both outgoing and incoming, and block infected websites, issuing a warning. This type of protection can also help keep your data safe by blocking communication between your system and the hackers’ servers.
One of the most common and dangerous types of cyber attack that hackers engineer is the “social engineering” strategy. These attacks entail the psychological manipulation of the victim to trick the person into divulging confidential information. The purpose can be information gathering, fraud, or system access.
So ask yourself: do you reply to e-mails received from unknown people? Do you trust strangers and talk openly about your digital assets? Think about how you behave online and then adjust your habits so that you can become your own layer of protection.
Hopefully, this security risk assessment has served its purpose and has helped you consider some important details when it comes to your financial information security and the protection of your confidential data.
Which of the questions included in the checklist was new to you and found helpful?