During my time at #warnerbros, I would review the security controls of many small and medium-sized businesses that wanted to do business with Warner.
We'd have an elaborate security questionnaire that we'd send out to vendors to fill up and submit. Having reviewed countless of these questionnaires, I developed a process to help me quickly identify the gaps and recommend remediation for these gaps.
Now that I am on the other side of the fence, helping smaller companies pass security audits required by bigger companies, here are the top 5 things, I'd recommend for anyone to look good and feel secure.
#incidentresponse - Are you collecting all your logs in a centralized secure location and more importantly do you have a team to review the alerts generated by suspicious activities.
#patching - The simplest but often the most ignored one. Needs no explanation, hackers love. it when you have unpatched vulnerabilities from the 2010s.