IT security begins with a plan and a checklist. The checklist in this article outlines the steps that should be taken as part of a comprehensive approach; each section can be worked through in order and revisited on a schedule.

Network Inventory

  1. Document IP-based assets
  2. Create a network diagram
  3. Create a list of all applications used within the company
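As an added example that is not code from the original article, the following PowerShell script covers item 1 in a way a domain administrator can repeat each quarter: it pulls the computer objects Active Directory already knows about, sweeps one subnet for hosts that answer, and flags the hosts that answer but are not in AD (printers, IoT devices, unmanaged boxes) so they end up on the inventory and the diagram. The subnet 192.168.10.0/24, the output path C:\Inventory and the presence of the RSAT ActiveDirectory module are illustrative assumptions.

```powershell
# Added example (not from the original article): IP-based asset inventory for one /24,
# cross-referenced with Active Directory computer objects.
# Assumptions (illustrative): subnet 192.168.10.0/24, RSAT ActiveDirectory module
# installed, write access to C:\Inventory.
#Requires -Modules ActiveDirectory

param(
    [string]$Prefix  = '192.168.10',
    [string]$OutFile = 'C:\Inventory\ip-assets.csv'
)

# 1. Domain-joined machines as AD knows them. IPv4Address is resolved by the module
#    through DNS, so a stale DNS record shows up here as a missing address.
$adComputers = Get-ADComputer -Filter * -Properties OperatingSystem, LastLogonDate, IPv4Address |
    Select-Object Name, DNSHostName, IPv4Address, OperatingSystem, LastLogonDate

# 2. Live hosts on the subnet. One echo request per address; Test-Connection -Quiet
#    returns $true/$false instead of throwing on hosts that are down.
$live = 1..254 | ForEach-Object {
    $ip = "$Prefix.$_"
    if (Test-Connection -ComputerName $ip -Count 1 -Quiet -ErrorAction SilentlyContinue) {
        $rdns = try { [System.Net.Dns]::GetHostEntry($ip).HostName } catch { $null }
        $match = $adComputers | Where-Object {
            $_.IPv4Address -eq $ip -or ($rdns -and $_.DNSHostName -eq $rdns)
        }
        [pscustomobject]@{
            IPAddress  = $ip
            ReverseDNS = $rdns
            ADName     = if ($match) { ($match | Select-Object -First 1).Name } else { $null }
            InAD       = [bool]$match
        }
    }
}

# 3. Write the inventory, sorted numerically by address ([version] sorts dotted quads
#    correctly, unlike a string sort).
New-Item -ItemType Directory -Path (Split-Path $OutFile) -Force | Out-Null
$live | Sort-Object { [version]$_.IPAddress } | Export-Csv -NoTypeInformation -Path $OutFile

# 4. Anything alive but unknown to AD is the first thing to investigate.
"Unmanaged hosts on $Prefix.0/24:"
$live | Where-Object { -not $_.InAD } | Format-Table IPAddress, ReverseDNS -AutoSize
```

The sweep is sequential, so a mostly empty /24 takes a few minutes; the point is the merge, not the speed. Hosts that drop ICMP will not appear, so treat the result as a floor and reconcile it against DHCP leases and switch MAC tables when drawing the network diagram.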

Security

  1. Create user account policies
  2. In Group Policy, enable password complexity and a minimum length, account lockout, and auditing of logon and account-management events. Password expiration is optional: current NIST guidance (SP 800-63B) and Microsoft's security baselines no longer recommend forced periodic rotation where MFA is in place, so if you keep it, use a long interval rather than a short one
  3. Require unique logon IDs (no shared accounts)
  4. Require multi-factor authentication (MFA) for all cloud-based applications and for remote access
  5. Hard drive encryption: use Microsoft BitLocker with the TPM to encrypt PC hard drives, and BitLocker To Go for external backup drives; escrow the recovery keys somewhere other than the encrypted drive (for example, in Active Directory)
  6. Patch management: enable it for servers and PCs, covering Microsoft and third-party software
  7. Endpoint protection: deploy antivirus/anti-malware agents on the PCs and servers, centrally managed so that coverage gaps and alerts are visible
  8. Remote network access: lock it down to VPN access only, with MFA on the VPN itself
  9. Monitoring: perimeter firewall, Active Directory, and Windows security event logs; review failed logons, lockouts and privilege changes on a schedule
  10. Consider Intrusion Detection/Intrusion Prevention Systems
  11. Physical security: install locks on the LAN room and telco closet
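Several of the items above can be verified rather than assumed. As an added example that is not code from the original article, the following PowerShell script spot-checks items 2, 5, 6 and 9 from a domain-joined Windows host: it reads the domain password and lockout policy, confirms logon auditing is on, checks that the OS volume is BitLocker-protected with a TPM-based key protector, asks Windows Update for pending updates, and summarises failed logons from the Security log. The thresholds (12-character minimum, 24-password history), the 24-hour log window and the requirement for an elevated session with the ActiveDirectory and BitLocker modules are illustrative assumptions; adjust them to your own policy.

```powershell
# Added example (not from the original article): spot-checks for items 2, 5, 6 and 9
# of the Security list. Run as an administrator on a domain-joined host.
# Illustrative assumptions: 12-char minimum length, 24-password history, 24-hour
# event window, ActiveDirectory and BitLocker modules installed.
#Requires -RunAsAdministrator
#Requires -Modules ActiveDirectory, BitLocker

$findings = [System.Collections.Generic.List[string]]::new()

# Item 2: password and lockout settings from the Default Domain Policy.
$pol = Get-ADDefaultDomainPasswordPolicy
if (-not $pol.ComplexityEnabled)      { $findings.Add('Password complexity is disabled') }
if ($pol.MinPasswordLength -lt 12)    { $findings.Add("Minimum password length is $($pol.MinPasswordLength), below 12") }
if ($pol.PasswordHistoryCount -lt 24) { $findings.Add("Password history is $($pol.PasswordHistoryCount), below 24") }
if ($pol.LockoutThreshold -eq 0)      { $findings.Add('Account lockout is disabled (LockoutThreshold = 0)') }

# Item 2 (auditing): without logon auditing the Security log has nothing to monitor.
# auditpol /r prints CSV, so ConvertFrom-Csv turns the effective setting into an object.
$audit = auditpol /get /subcategory:Logon /r | ConvertFrom-Csv
if ($audit.'Inclusion Setting' -ne 'Success and Failure') {
    $findings.Add("Logon auditing is '$($audit.'Inclusion Setting')', expected 'Success and Failure'")
}

# Item 5: BitLocker on the OS volume with a TPM-based protector (Tpm, TpmPin, ...).
foreach ($vol in Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem') {
    if ($vol.ProtectionStatus -ne 'On') {
        $findings.Add("BitLocker protection is $($vol.ProtectionStatus) on $($vol.MountPoint)")
    }
    $tpm = @($vol.KeyProtector | Where-Object { "$($_.KeyProtectorType)" -like 'Tpm*' })
    if ($tpm.Count -eq 0) { $findings.Add("No TPM-based key protector on $($vol.MountPoint)") }
}

# Item 6: updates Windows Update knows about but has not installed (Windows Update Agent COM API).
try {
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $missing  = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates
    if ($missing.Count -gt 0) { $findings.Add("$($missing.Count) software update(s) pending installation") }
} catch { Write-Warning "Windows Update search failed: $($_.Exception.Message)" }

# Item 9: failed logons (event 4625) in the last 24 hours, grouped by source address.
# 4625 is written on the host where the logon was attempted; on a domain controller
# also review 4771 (Kerberos pre-authentication failure) and 4740 (account locked out).
$since  = (Get-Date).AddHours(-24)
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue
$bySource = $failed | ForEach-Object {
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{ User = $data.TargetUserName; Source = $data.IpAddress; Status = $data.Status }
} | Group-Object Source | Sort-Object Count -Descending | Select-Object -Property Count, Name -First 10
if ($bySource) {
    $summary = ($bySource | ForEach-Object { "$($_.Name)=$($_.Count)" }) -join ', '
    $findings.Add("Failed logons in the last 24h by source: $summary")
}

# Report
if ($findings.Count -eq 0) { 'No findings against the checked items.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Each finding maps back to a numbered item, so the output doubles as evidence for the Periodic Review below. The script checks the Default Domain Policy only; if fine-grained password policies are in use, add Get-ADFineGrainedPasswordPolicy to the item 2 checks.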

Policies

  1. Employee handbook (as it pertains to IT)
  2. Acceptable Use Policy section in Employee Handbook
  3. Employee security awareness training
  4. IT Security Policy and Procedures
  5. Vendor management
  6. Risk Assessment and Gap Analysis
  7. Change control
  8. Data backup
  9. Equipment rotation schedule and decommissioning process

Business Continuity and Disaster Recovery Planning

  1. Business Continuity/Disaster Recovery Plan (keep at least one copy offsite)
  2. Offsite data backup and server recovery capability
  3. Second internet circuit configured for automatic failover
  4. Annual Disaster Recovery testing
  5. Periodic data backup/recovery testing

Vulnerability Scans and Penetration Testing

  1. Quarterly testing and remediation report (run authenticated scans with administrative credentials: a credentialed scan sees installed software, local configuration and missing patches that an unauthenticated scan from the network cannot, so its findings are far more useful)

Periodic Review

  1. Review user and computer accounts in Active Directory; disable or remove accounts that are stale or no longer have an owner
  2. Review users with elevated privileges (admin rights), including membership obtained through nested groups
  3. Create an annual IT Budget — outline requests for new and replacement technology
  4. Create a three-year Strategic Plan (also known as an IT roadmap)
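Items 1 and 2 of the Periodic Review are routine enough to script, so they actually happen on schedule. As an added example that is not code from the original article, the following PowerShell script exports enabled user and computer accounts that have not logged on in 90 days, and the flattened membership of the built-in privileged groups, with the password-hygiene attributes a reviewer wants next to each name. The 90-day window, the output folder C:\Reviews and the group list are illustrative assumptions; extend the list with any custom admin groups in your domain.

```powershell
# Added example (not from the original article): the Active Directory part of the
# Periodic Review list as a scheduled script.
# Illustrative assumptions: 90-day staleness window, output folder C:\Reviews,
# RSAT ActiveDirectory module installed, a reader with rights to list group members.
#Requires -Modules ActiveDirectory

$staleDays = 90
$cutoff    = (Get-Date).AddDays(-$staleDays)
$outDir    = 'C:\Reviews'
$stamp     = Get-Date -Format 'yyyy-MM-dd'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Item 1: enabled users that have not logged on for $staleDays days, plus accounts
# that have never logged on and are older than the window (LastLogonDate is empty
# for those, and PowerShell treats $null -lt <date> as true, so test it explicitly).
$staleUsers = Get-ADUser -Filter "Enabled -eq 'True'" -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires, whenCreated |
    Where-Object {
        ($_.LastLogonDate -and $_.LastLogonDate -lt $cutoff) -or
        (-not $_.LastLogonDate -and $_.whenCreated -lt $cutoff)
    } |
    Select-Object SamAccountName, Name, LastLogonDate, PasswordLastSet, PasswordNeverExpires, whenCreated
$staleUsers | Export-Csv -NoTypeInformation -Path "$outDir\stale-users-$stamp.csv"

$staleComputers = Get-ADComputer -Filter "Enabled -eq 'True'" -Properties LastLogonDate, OperatingSystem, whenCreated |
    Where-Object {
        ($_.LastLogonDate -and $_.LastLogonDate -lt $cutoff) -or
        (-not $_.LastLogonDate -and $_.whenCreated -lt $cutoff)
    } |
    Select-Object Name, OperatingSystem, LastLogonDate, whenCreated
$staleComputers | Export-Csv -NoTypeInformation -Path "$outDir\stale-computers-$stamp.csv"

# Item 2: who holds elevated rights. -Recursive flattens nested groups, which is
# where unexpected admins usually hide. Enterprise/Schema Admins exist only in the
# forest root domain, so a missing group is a warning rather than a failure.
$privGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators',
              'Account Operators', 'Server Operators', 'Backup Operators'
$privileged = foreach ($g in $privGroups) {
    try {
        Get-ADGroupMember -Identity $g -Recursive -ErrorAction Stop |
            Where-Object objectClass -eq 'user' |
            ForEach-Object {
                $u = Get-ADUser -Identity $_.SamAccountName -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires
                [pscustomobject]@{
                    Group                = $g
                    User                 = $u.SamAccountName
                    Enabled              = $u.Enabled
                    LastLogonDate        = $u.LastLogonDate
                    PasswordLastSet      = $u.PasswordLastSet
                    PasswordNeverExpires = $u.PasswordNeverExpires
                }
            }
    } catch { Write-Warning "Could not enumerate '$g': $($_.Exception.Message)" }
}
$privileged | Export-Csv -NoTypeInformation -Path "$outDir\privileged-users-$stamp.csv"

# Summary for the review meeting; the CSVs carry the detail.
[pscustomobject]@{
    StaleUsers            = @($staleUsers).Count
    StaleComputers        = @($staleComputers).Count
    PrivilegedAccounts    = @($privileged | Select-Object -ExpandProperty User -Unique).Count
    DisabledButPrivileged = @($privileged | Where-Object { -not $_.Enabled }).Count
    PrivilegedNoExpiry    = @($privileged | Where-Object { $_.PasswordNeverExpires }).Count
}
```

Keep the dated CSVs from each run: comparing this quarter's privileged-users file with the previous one shows exactly who gained rights in between, which is the question the review is meant to answer.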

How can Computer Showcase help you?