Are You Doing Your IT Due Diligence?

The words “due
diligence” may make you think of a courtroom drama on television. Surely,
that’s something only lawyers have to worry about? Not so fast. Due diligence
is something your business can be doing, too. Are you covering the basics?

Don't Leave your Business Vulnerable

Due diligence is
about taking care and being cautious in doing business. It extends to how you
manage your technology, too. You may think you’re immune to a data breach or
cyberattack, but cybercriminals can target you regardless of business size or
industry sector.

Depending on your industry, you may even have compliance or regulatory laws to follow. Some insurance providers also expect a certain level of security standards from you. The costs associated with these cyber incidents are increasing, too. Don’t leave your business vulnerable.

Due diligence
Are You Doing Your IT Due Diligence?

What due Diligence Involves

Technological due diligence requires attention to several areas. Generally, you’ll need to show the following:

1. Each staff Member has a Unique Login

Require complex, distinct passwords. Educated your people to protect these (e.g. not write them on stickie notes that sit on their desktop).

2. You have a Process in Place for Regular Data Backup

We recommend a 3-2-1 backup strategy. Keep three copies of your business data. One on the cloud with the other two on different devices (e.g. on your local computer and on a backup USB drive).

3. You patch and Upgrade Security Consistently

Ignoring those reminders and waiting for the next release is risky.

4. You’ve Installed Antivirus Software

You won’t know your computers are infected until it’s too late. Be proactive.

5. Email Filtering is in place

These filters help protect your business from spam, malware, phishing, and other threats.

6. You have Firewalls

You have installed firewalls to monitor and control ingoing and outgoing network traffic.

7. You Limit user Access

Instead of giving everyone full access, set conditions based on role and responsibility. This approach minimizes vulnerabilities.

8. You have Security Procedures

There are physical security procedures to limit access to your environment. You might install security cameras, fence a perimeter, and require RFID scanning in protected areas.

9. Bring your own Device Policy

If your company lets employees use their own phones, laptops, or tablets, have a Bring Your Own Device (BYOD) policy in place. Installing mobile device management software is useful, too (and we can help with that!)

10. Keep Testing your Security

You test your security, too. You can’t take a set-and-sit approach to securing your network, systems, and hardware. Ongoing testing will help you identify risks, repair vulnerabilities, and protect your business.

It can also
help you to prove that you’re being diligent by:

  • keeping copies
    of any training provided and employee handbook messaging; 
  • updating your
    organizational chart regularly;
  • vetting
    contractors/vendors before granting them access;
  • having a
    policy in place that quickly denies access to any former employees;
  • inventorying
    all devices on your network.

Protect your Business

IT due
diligence protects your business. Meeting these security standards can also cut
costs and preserve your brand reputation. Demonstrating vigilance helps you
avoid hefty compliance or regulatory fines and fight litigation. In the event
of legal action, you'll also want to prove the efforts you made. So, be sure to
thoroughly document all IT security efforts.

Due diligence doesn’t have to be difficult. Cumbria Computer repairs can help you determine the best preventative measures for your organization. Some business risks will pay off, sure, but when it comes to your IT, caution will have the best results.

Please call Cumbria Computer Repairs on 01228 576090 or 01228 217100 for all your tech compliance enquiries.

Visit our website at

What Is a VPN and Why Do I Need One?
Is Your Tech Partner a Team Player?

Related Posts

By accepting you will be accessing a service provided by a third-party external to