AI Security Checklist | Mizcomputer Digital
AI Security NY SHIELD Act 26-Point Assessment
Is Your Business AI-Ready & Secure?
Organizations that conduct regular AI security audits experience a 65% drop in successful breaches. Take this free 26-point checklist to find out exactly where your business stands.
⏱ Under 5 minutes 🔒 100% Confidential 📋 26 Security Controls 💲 Completely Free
5 Categories: Data, Access, AI Tools, Incidents & Compliance
Instant Score: Know your risk level the moment you finish
Action Plan: Clear next steps prioritized for your business
Encrypt data at rest and in transit
All client files, emails, and stored data should be encrypted
Maintain detailed access logs
Know who accessed what data and when
Follow data minimization principles
Only collect data you actually need
Comply with NY SHIELD Act requirements
Reasonable safeguards for all NY resident data
Document data retention and deletion policies
How long do you keep client data? When is it deleted?
Enable Multi-Factor Authentication (MFA)
Required on email, banking, CRM, and all critical accounts
Implement Role-Based Access Control (RBAC)
Staff should only access data their role requires
Review and audit user permissions regularly
Remove access when roles change or staff leave
Use strong, unique passwords for all accounts
Consider a password manager for the team
Restrict AI tool access to authorized users only
Not every employee needs access to every AI system
Inventory all AI tools in use
Include ChatGPT, Copilot, Grammarly, Jasper, etc.
Written policy on AI tool usage with client data
What data can and cannot be entered into AI tools?
Train staff on AI data risks
Samsung lost sensitive data through employee AI misuse
Prohibit entering PII/sensitive data into public AI
Social Security numbers, financial data, health info
Review AI tool vendor privacy policies
Does the vendor train on your data? Where is it stored?
Address Shadow AI usage
Unauthorized AI tools employees may be using without approval
Written incident response plan exists
What happens in the first 24 hours after a breach?
NY SHIELD Act breach notification procedure
Required: notify affected NY residents promptly
Staff know who to contact in a breach
Clear chain of communication and escalation
Regular data backups with tested restore process
Backups are worthless if you can't restore from them
Cyber insurance coverage reviewed
Does your policy cover AI-related incidents?
Real-time monitoring for unusual activity
Alerts for failed logins, unusual access patterns
Regular security assessments (quarterly)
Identify new vulnerabilities as threats evolve
Staff security awareness training
Annual minimum — more frequently is better
Software and systems kept up to date
Unpatched systems are the #1 entry point for attackers
Written Information Security Program (WISP)
IRS-required for tax professionals — recommended for all
Your AI Security Report
22–26: Strong posture. Schedule quarterly review to maintain compliance.
15–21: Moderate risk. Address priority gaps within 60 days.
8–14: Elevated risk. WISP implementation recommended immediately.
0–7: Critical risk. Immediate action required — schedule your WISP Assessment.

Ready to Close Your Security Gaps?

Mizcomputer Digital provides hands-on WISP implementation, AI governance policies, staff training, and full NY SHIELD Act compliance guidance — tailored to your business.