Security Audit Checklist

Comprehensive checklist to audit your personal or business cybersecurity posture and identify vulnerabilities.

Complete Security Audit Guide

Use this comprehensive checklist to perform a thorough security audit of your digital environment. Work through each section systematically to identify gaps and strengthen your security posture.

Account Security Audit

Password Inventory

List all online accounts and verify each has a unique, strong password with a minimum of 12 characters.

Two-Factor Authentication

Enable 2FA on all accounts that support it, prioritizing email, banking, and social media.

Recovery Options

Update recovery email addresses and phone numbers to current, secure contact methods.

Inactive Accounts

Identify and close accounts you no longer use to reduce attack surface.

Security Questions

Replace easily guessable security questions with random answers stored in a password manager.

Device Security Audit

Operating System Updates

Verify all devices are running the latest OS versions with automatic updates enabled.

Antivirus Software

Install and update antivirus/anti-malware on all computers and mobile devices.

Firewall Configuration

Enable firewalls on all devices and verify proper configuration.

Device Encryption

Enable full disk encryption on computers and encryption on mobile devices.

Screen Lock

Set strong passwords/PINs and enable biometric locks on all devices.

Find My Device

Enable remote tracking, lock, and wipe capabilities on all mobile devices.

Network Security Audit

Router Security

Change the default router admin password and update to the latest firmware.

Wi-Fi Encryption

Use WPA3 encryption (or WPA2 if WPA3 is unavailable) with a strong password.

SSID Configuration

Change the default network name and consider hiding SSID broadcast.

Guest Network

Create a separate guest network for visitors and IoT devices.

VPN Usage

Install VPN software and use it on public networks and for sensitive activities.

Application & Software Audit

Installed Applications

Review and uninstall unnecessary or unused applications from all devices.

Software Updates

Update all applications to their latest versions and enable automatic updates where possible.

Browser Extensions

Review and remove unnecessary browser extensions; keep only trusted ones.

Mobile Apps

Audit mobile app permissions and revoke unnecessary access to location, contacts, etc.

Pirated Software

Remove any pirated or cracked software that may contain malware.

Data Protection Audit

Backup Strategy

Implement the 3-2-1 backup rule: 3 copies, 2 different media, 1 offsite.

Backup Testing

Verify backups are working by performing a test restore of important files.

Cloud Storage Security

Enable 2FA on cloud storage accounts and review file sharing settings.

Sensitive Data Encryption

Encrypt sensitive files stored locally and in the cloud.

Secure File Deletion

Use secure deletion tools for permanently removing sensitive files.

Email Security Audit

Spam Filtering

Enable and configure spam filters to block unwanted and malicious emails.

Email Aliases

Use email aliases or disposable addresses for online registrations.

Email Forwarding

Review and remove any unauthorized email forwarding rules.

Connected Apps

Review and revoke access for third-party apps connected to your email account.

Phishing Awareness

Train yourself and family to recognize and report phishing attempts.

Social Media Security Audit

Privacy Settings

Review and tighten privacy settings on all social media platforms.

Connected Apps

Audit and remove third-party apps with access to social media accounts.

Public Information

Review what personal information is publicly visible and limit exposure.

Location Sharing

Disable automatic location tagging on posts and photos.

Friend/Follower Review

Remove unknown or suspicious contacts from your networks.

Financial Security Audit

Account Monitoring

Enable transaction alerts and regularly review bank and credit card statements.

Credit Report Check

Review credit reports from all three bureaus for unauthorized accounts.

Credit Freeze

Consider placing a security freeze on credit reports to prevent unauthorized accounts.

Digital Wallet Security

Enable biometric authentication and transaction limits on digital payment apps.

Subscription Review

Audit recurring charges and cancel unused subscriptions.

Physical Security Audit

Document Storage

Securely store sensitive documents in a locked, fireproof location.

Shredding

Shred documents containing personal information before disposal.

Mail Security

Use a locked mailbox and collect mail promptly to prevent theft.

Device Protection

Use cable locks for laptops and keep devices secure when traveling.

Audit Schedule & Maintenance

Regular audits ensure ongoing security. Follow this maintenance schedule:

Monthly

Check for software updates, review account activity, verify backup status

Quarterly

Password review, permission audit, credit report check

Semi-Annual

Full security audit, privacy settings review, inactive account cleanup

Annual

Comprehensive security assessment, update response plans, review insurance

Next Steps

After completing your security audit:

  • Document identified vulnerabilities and prioritize fixes by risk level
  • Create an action plan with specific tasks and deadlines
  • Implement fixes systematically, starting with highest-risk items
  • Schedule follow-up audits to verify improvements
  • Consider a professional security assessment for business environments