Data is your most valuable business asset…how well is your data protected?...your customer's / vendor's data?
In today’s complex world of cybersecurity threats, laws, and regulations that are ever-changing and ever-evolving, it’s nearly impossible to say you’re 100 percent compliant with all standards at all times.
If you have a Web Site…you are an international company!
61% of data breaches directly affect small businesses.
Insurance companies increasingly require a copy of your security plan, emergency planning documents, business continuity plans, and security management plans that all can affect your rate.
Key Definitions
PII Personally Identifiable Information - Any information that can be used to distinguish one person from another.
Digital Asset – digital content, text, media...
Examples of Digital Assets - Business photos, business websites or blogs, business processes, applications/software, email, contact / client / customer lists, subscriptions to online journals, intellectual property (IP) [copyrighted material, trademarks service marks (i.e. your company's logo), patents], products in an online store.
Spoofing and Phishing - techniques used by scammers to mislead e-mail recipients. ... Spoofing is a technical measure used to change the apparent sender details on an e-mail, while phishing is an attempt to make the recipient hand over sensitive information such as log-in details.
Two Factor Authentication - security process in which the user provides two different authentication factors to verify themselves to better protect both the user's credentials and the resources the user can access.
Plan, Record, and Protect Your Business' Digital Content
Plan
Locate Digital Assets
List Digital Assets
Plan of Action and Milestones (POA&M) - A document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks, and scheduled completion dates for the milestones.
Emergency Planning Documents, Business Continuity Plans, and Security Management Plans
Record
Carefully identify and record each detail of each asset
Digital backup records
Protect
Non-Disclosure Agreements – every interaction, discussion, etc.
Every relationship / partnership /vendor etc. should have a written agreement
Training
Write clearly defined steps to take in an emergency: Web Site, Employee Handbook, Breakroom
Send email reminders of security best practices
Before and after holidays
After an incident
Send / put notes on paycheck
Copyright, Patent, Trademark
Backup
Backup 1 2 3 Rule
The 3-2-1 backup rule is an easy-to-remember acronym for a common approach to keeping your data safe in almost any failure scenario. The rule is: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.
Testing
Routinely test all communication channels
Routinely spot test staff’s responses to phishing
Security
Two Factor Authentication
Require Strong passwords 12 digit minimum at least
Up-to-date antivirus anti-malware software
SSL Certificates for Web Site Domains
Firewall Security for Your Internet Connection
Mobile Device Action Plan
Control Physical Access to Your Computers
Create User Accounts for Each Employee
Limit Employee Access to Data and Information, Limit Authority To Install Software
Information Resources
SBA https://www.sba.gov/business-guide/manage-your-business/small-business-cybersecurity
FCC https://www.fcc.gov/general/cybersecurity-small-business
Entrepreneur Magazine What Small Business Owners Need to Know About Cybersecurity https://www.entrepreneur.com/article/299387
Entrepreneur Magazine Biggest Cybersecurity Threats Facing Small Businesses Right Now https://www.entrepreneur.com/article/307749
Internet Security Alliance Free training materials, security configuration guides http://www.isalliance.org/
Microsoft Cybersecurity Tips and Technology for Small Businesses https://www.microsoft.com/en-us/store/b/microsoft-small-business
Small Business Solutions from StopBadware http://stopbadware.org/
U.S. Chamber of Commerce Internet Security Essentials for Businesses 2.0 https://www.uschamber.com/CybersecurityEssentials
FICO and U.S. Chamber of Commerce Assessment of Cyber Security Risk Report https://www.uschamber.com/cyber-abc/#/
Security and Data Management means having Emergency Planning / Business Continuity / Security Management Plans, Asset Records, routine Backups, antivirus anti-malware software, and much more…are you data assets protected?
Let IAS help…
We have built Security and Data Management solutions with Data, Security, and Risk frameworks, templates, and tools for businesses of all sizes, designed to be scalable for flexibility and offers a turn-key solution that will work seamlessly within your organization.
InfoAge Solutions (IAS) is a premier Business Technology Service Provider that works with organizations, hands-on, to identify and implement proven business practices, strategic frameworks, infrastructure processes, staff development, and leading-edge technology solutions.
https://www.infoagesolutions.net/contact