Cybersecurity Checklist

Lack of separation between test and production data or environments

Use of unauthorized software or hardware

Sending and receiving of login credentials through unencrypted methods

Operating system not designed for high security

Inadequate or inconsistently enforced security policy

Attackers who impersonate employees over the phone persuading administrators to give out usernames, passwords, modem numbers, etc.

Too many or too few system administrators, or administrators who are highly pressured

Ignorance of security issues, such as lack of security awareness, guidelines, or proper documentation

Information or incorrectly classified or accidentally destroyed, modified, or disclosed

Unauthorized monitoring of sensitive data crossing the internal network

Subversion of DNS to redirect email or other traffic

Subversion of routing protocols to redirect email or other traffic

Analysis of ewaste to access sensitive documents or data

Equipment failure due to defective hardware, cabling, or communications system

Damage from natural disasters, such as fire, smoke, water, earthquakes, storms, and power outages

Equipment failure due to airborne dust, electromagnetic interference, or static electricity

Incorrect destruction of network interface devices, hard drives, computers, or media