Don’t believe because you’re a small business that cybercriminal and hackers will skip over you in favor of the bigger fish. The idea that you don’t have anything valuable to steal is common among small business owners and certainly the posture that hackers are hoping to find. If you think your business is too small or insignificant to tempt a cybercriminal, think again.
They are not always seeking money, although if they secure your banking information it’s a welcome bonus. Hackers want information, such as customer names and contact information.
A solid Cyber Security Plan is a proactive way to protect your digital assets. It's also one that small businesses often fail to implement because they don't know where to begin.
Here is our step-by-step guide to creating a comprehensive and effective cybersecurity plan.
1. Gather Data This includes
Customer data - account records, transaction accountability and financial information, contact and address information, purchasing history, buying habits and preferences
Employee information - payroll files, direct payroll account bank information, Social Security numbers, home addresses and phone numbers, work and personal email addresses.
Company information - company financial records, marketing plans, product designs, and federal and state tax records.
At a minimum your policy should address the following types of data;
3. Data Classification Common data classifications include:
Highly Confidential. Information that is intended for use within your company and unauthorized disclosure could seriously impact your company's business partners, vendors and customers in the short and long term. It includes Personally Identifiable Information (PII), customer information and personal health information.
Sensitive. Information you would consider to be private such as employee personal evaluations, internal audit reports, various financial reports, product designs, partnership agreements, marketing plans and email marketing lists.
Internal Use Only. This classification applies to sensitive information that is generally accessible by a wide audience and is intended for use only within our company. This includes information supplied to you for new business pitches and information gathered about your competition and current clients.
Unexpected Data Loss or Theft
Even with the tightest security, best practices and policies, data attacks occur everyday. Loss or theft of data can hurt your bottom line in more ways than one. Not only does it result in loss of consumer confidence, it can also expose you to litigation risk. That’s why it’s critical to understand exactly what data or security breach regulations are applicable to your business and how prepared you are to respond to them. At the very least, all employees and contractors should understand that they must immediately report any loss or theft of information to the appropriate company officer. And because data privacy and breach laws can be very broad and strict, no loss should be ignored. So even if you have sensitive data that just can’t be accounted for, such as an employee who doesn’t remember where he left a backup tape, it may still constitute a data breach and you should act accordingly. Here are resources to help you determine applicable laws and how to adhere to them.
The Online Trust Alliance has a comprehensive guide to understand and preparing for data breaches.
The Federal Trade Commission has materials to help small businesses secure data in their care and protect their customers’ privacy, including an interactive video tutorial.
Our team is constantly testing to identify the latest security challenges, changes and best practices to keep you safe and informed. We are always ready to assist you by phone, chat or email.