Cybersecurity Checklist

Complete this checklist to assess your organisation's cybersecurity posture and identify areas for improvement.

Email Security

1. Have you set active DMARC and DKIM policies?

Weekly review recommended

2. Do you regularly tune your email security solutions?

Weekly review recommended

3. Have you implemented enhanced analytical rules to detect and prevent malicious content?

Multi-Factor Authentication (MFA)

4. Do you have MFA policies that are comprehensive and applied to all users and groups?

5. Do you regularly review and update MFA policies to close any gaps?

6. Do you avoid relying on MFA as your sole method of security?

Vulnerability Management

7. Are all systems regularly patched to address known vulnerabilities?

Incident Response

8. Are your Incident Response plans updated and tested regularly?

Test 2 areas every 3 months

File Monitoring

9. Have you implemented monitoring for significant file extension changes or unusual file movement?

Weekly review recommended

Microsoft Entra Policies

10. Do you regularly review and resolve any conflicting Entra conditional access policies?

Monthly review recommended

User Account Management

11. Do you regularly audit and remove unused Azure privileged rights or the accounts of users who have left?

Weekly review recommended

12. Have you implemented strict policies for account creation and deletion to avoid unnecessary privileged accounts?

Application Registration

13. Have you restricted App registration capabilities to authorised users only?

14. Do you regularly review App registration permissions and adjust as necessary?

Password Management

15. Do you avoid using known weak passwords for any account?

16. Do you prohibit password storage in browser applications?

Certificate Management

17. Do you avoid using wildcard certificates for key public-facing services?

18. Do you verify that all public-facing services and protocols have correct, non-expired certificates?

Monthly review recommended

Cybersecurity Recommendations

Next Steps:
Book a no-obligation consultation:

Phone: +44 370 334 4000
Email: enquiries@codestone.com