Marsh - Cyber Checklist

Do you maintain daily offline back-ups of all critical data?

Before any change is made to a third party’s account details do you obtain authorisation from the third party via an authentication method which is different to the original method used to request the change?

Before you transfer funds to an account that you haven’t paid into before do you obtain authorisation from the recipient of the funds via an authentication method which is different to the original method used to request the transfer?

Do you provide all clients with a written warning that if they receive a request via email to make a change to any of their account details and/or to transfer any funds that they must not respond to the email and that they must contact you immediately?

Do you have two-factor authentication?<br><br>Where a user authenticates themselves through two different means when remotely logging into a computer system or web based service. Typically a password and a passcode generated by a physical token device or software are used as the two factors.

Do you have database encryption?<br><br>Where sensitive data is encrypted while it is stored in databases. If implemented correctly, this can stop malicious actors from being able to read sensitive data if they gain access to a database.

Do you have mobile device encryption?<br><br>Encryption involves scrambling data using cryptographic techniques so that it can only be read by someone with a special key. When encryption is enabled, a device’s hard drive will be encrypted while the device is locked, with the user’s passcode or password acting as the special key.

Do you have perimeter firewalls?<br><br>Hardware solutions used to control and monitor network traffic between two points according to predefined parameters.

Do you have a web application firewall?<br><br>Protects web facing servers and the applications they run from intrusion or malicious use by inspecting and blocking harmful requests and malicious internet traffic.

Do you have advanced endpoint protection?<br><br>Software installed on individual computers (endpoints) that use behavioural and signature based analysis to identify and stop malware infections.

Do you have an intrusion detection system?<br><br>A security solution that monitors activity on computer systems or networks and generates alerts when signs of compromise by malicious actors are detected.

Do you have a system for data loss preventions?<br><br>Software that can identify if sensitive data is being exfiltrated from a network or computer system.

Do you use DDoS mitigation?<br><br>Hardware or cloud based solutions used to filter out malicious traffic associated with a DDoS attack, while allowing legitimate users to continue to access an entity’s website or web-based services.

Do you use DMARC?<br><br>An internet protocol used to combat email spoofing – a technique used by hackers in phishing campaigns.

Do you use DNS filtering?<br><br>A specific technique to block access to known bad IP addresses by users on your network.

Do you undertake employee awareness training?<br><br>Training programmes designed to increase employees’ security awareness. For example, programmes can focus on how to identify potential phishing emails.

Do you have an incident response plan?<br><br>Action plans for dealing with cyber incidents to help guide an organisation’s decision-making process and return it to a normal operating state as quickly as possible.

Do you use application whitelisting?<br><br>A security solution that allows organisations to specify what software is allowed to run on their systems, in order to prevent any non-whitelisted processes or applications from running.

Do you have an asset inventory?<br><br>A list of all IT hardware and devices an entity owns, operates or manages. Such lists are typically used to assess the data being held and security measures in place on all devices.

Do you collect custom threat intelligence?<br><br>The collection and analysis of data from open source intelligence (OSINT) and dark web sources to provide organisations with intelligence on cyber threats and cyber threat actors pertinent to them.

Do you run penetration tests?<br><br>Authorized simulated attacks against an organisation to test its cyber security defences. May also be referred to as ethical hacking or red team exercises.

Do you have security info & event management system (SIEM)?<br><br>System used to aggregate, correlate and analyse network security information – including messages, logs and alerts – generated by different security solutions across a network.

Do you run vulnerability scans?<br><br>Automated tests designed to probe computer systems or networks for the presence of known vulnerabilities that would allow malicious actors to gain access to a system.

Do you use web content filtering?<br><br>The filtering of certain web pages or web services that are deemed to pose a potential security threat to an organisation. For example, known malicious websites are typically blocked through some form of web content filtering.