Cybersecurity and Internal Audit Part 2 of 4

November 15, 2023

Is Your Business at Risk? Find Out with Our Cybersecurity Checklist: Part 2 of 4

Do your cybersecurity policies measure up?

Once you've gathered all of your company's existing security policies, it's time to start the audit proper. The first step is to ensure that the policies align with current regulations. This includes both industry-specific regulations (like HIPAA for healthcare companies) and general cybersecurity best practices.

Next, take a close look at the content of the policies themselves. Are they comprehensive? Do they cover all aspects of cybersecurity, from data security to employee training? If not, then it's time to make some changes.

Finally, ask yourself whether the policies are actually being followed. Do you have procedures in place to enforce them? Are employees trained on how to follow them? If not, then it's time to make some changes so that your company's cybersecurity policies are up to date and effective.

Bringing chain of custody to your cybersecurity

A chain of custody is important for security auditing purposes because it can help to track and monitor who has accessed information, when they viewed it, and what other actions they took with the data. This type of documentation can be useful in investigations or other legal proceedings where data ownership is called into question. By having a clear chain of custody, businesses can help to protect their data and ensure that it is not being mishandled or misused.


More information on chain of custody from the Cybersecurity & Infrastructure Security Agency (CISA)


How sensitive is your data?

It's important to be aware of the various types of sensitive data that you may be collecting and storing. This includes information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life or sexual orientation, financial information, and classified information.

It's essential to protect this type of data accordingly, in order to comply with GDPR requirements. There are a number of steps you can take to ensure your data is secure, such as encrypting it, using access controls, and creating backups. By taking these precautions, you can help safeguard your business against potential cyber threats.


See the GDPR Official Checklist for Data Controllers
