More incidents are reported in December than in any other month of the year, driven especially by seasonal phishing and human error.
82% of breaches are due to human error or incorrect configurations (Verizon DBIR 2024).
This checklist is a practical guide that you can apply before the end of the year.
1. Updated asset inventory
40% of breaches involve forgotten or uninventoried assets (Gartner 2024).
Include:
- Computers
- Servers
- Licenses
- Active/inactive users
- Third-party access
- SaaS applications
2. Tested backups
It’s not enough to “have” a backup: you must ensure that it can be restored.
Validate:
- Recent restoration
- 3-2-1 rule
- Offline copy
- Integrity verification
Source: NIST SP 800-34.
3. Patches and updates
CISA notes that more than 50% of massive attacks exploit vulnerabilities that were patched months earlier.
Check:
- Windows Update
- Firewall firmware
- Servers
- Key applications
4. Privileged access and inactive users
The end of the year is the time to clean up accounts left behind by staff who have resigned, temporary suppliers and interns.
Eliminate:
- Orphaned users
- Duplicate accounts
- Unnecessary administrator roles
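One way to run this cleanup against a directory export, as an added example that is not part of the original checklist. The CSV columns, the HR roster, the approved-admin list and the 90-day idle threshold are all assumptions constructed for illustration; map them to whatever your identity provider exports.

```python
import csv, io
from collections import defaultdict
from datetime import date

# Constructed sample data (not from the page): HR roster and a directory export.
ROSTER = {"E100", "E101", "E102"}   # employee IDs of currently active staff
APPROVED_ADMINS = {"asmith"}        # accounts with a documented need for admin
ACCOUNTS_CSV = """username,owner_id,role,last_login,enabled
asmith,E100,admin,2024-12-02,true
bjones,E101,user,2024-11-28,true
bjones2,E101,admin,2024-03-14,true
intern07,E230,user,2024-08-30,true
vendor-acme,,admin,2024-06-01,true
cdiaz,E102,user,2024-12-05,true
oldsvc,E150,user,2023-12-20,false
"""

def review_accounts(csv_text, roster, approved_admins, today, max_idle_days=90):
    """Return a dict mapping each finding type to a sorted list of usernames."""
    findings = defaultdict(set)
    by_owner = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["enabled"].lower() != "true":
            continue  # already disabled, nothing left to clean up
        user, owner = row["username"], row["owner_id"].strip()
        if owner not in roster:
            findings["orphaned"].add(user)  # owner left or was never linked
        else:
            by_owner[owner].append(user)
        if row["role"] == "admin" and user not in approved_admins:
            findings["unapproved_admin"].add(user)
        idle = (today - date.fromisoformat(row["last_login"])).days
        if idle > max_idle_days:
            findings["inactive"].add(user)
    # More than one enabled account for the same active owner is a duplicate.
    for users in by_owner.values():
        if len(users) > 1:
            findings["duplicate"].update(users)
    return {kind: sorted(users) for kind, users in findings.items()}

if __name__ == "__main__":
    report = review_accounts(ACCOUNTS_CSV, ROSTER, APPROVED_ADMINS, date(2024, 12, 15))
    for kind, users in report.items():
        print(f"{kind}: {', '.join(users)}")
```

Treat the output as a review queue for the account owners or their managers rather than an automatic delete list, since service and vendor accounts often lack an HR record by design.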
5. Antivirus/EDR working correctly
An expired antivirus is almost the same as not having one.
Validate:
- Latest update
- Active engine
- Sensors working
- Real-time detection
Source: AV-Test 2024.
6. Logs and records
CISA states that without logs there is no investigation or containment.
Check:
- Retention of at least 90 days
- Alerts configured
- Centralized export
This checklist not only prevents attacks; it prepares you for January audits.
