Cyber Security Checklist | First Commonwealth Bank

Cyber Security Checklist

The cyber security threat landscape is constantly changing and can leave your organization vulnerable. These measures can help protect your organization.

Password Integrity

You need a password policy for accessing company systems. For example, require passwords that meet a minimum length and include upper- and lower-case letters, numbers and symbols. You could include a policy on how often passwords must be changed. This can often be enforced using software settings.

Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is an authentication method that requires users to provide additional credentials to gain access to an application, online account, or a network. It usually involves a special code being sent to the user’s phone either via text message or an application on their phone.

Record how you will use MFA in your business. Adding Multi-Factor Authentication to your accounts helps protect against many of the biggest threats to your data such as phishing attacks, brute-force attacks and password reuse.

Email Security

Lock down your email so only authenticated users can send emails from your domain. Email can be hacked to send spam that appears to come from your email accounts. Using spam filters, quarantines and the correct SPF, DKIM and DMARC records in your domain setup can all help secure your email. If you use third-party services for email (for example, email newsletters, forms on your website, etc.) then adding these records can also improve deliverability.

These records can be found in your domain settings. If you cannot do this yourself, consult a domain expert to check these for you.

Consider using an email monitoring service that can check if your emails are being delivered and whether anyone is trying to use your email address to send phishing emails.

Secure Wi-Fi

Make sure your networks are secured with complex passwords to prevent anyone hacking in from outside your business. If you offer Wi-Fi access for your customers, this should be on a separate network to your internal systems.