Protecting Your Business on Data Protection Day
Check out Danielle’s related post for individuals and families.
January 28th is Data Protection Day in the United States and Europe. The celebration of this day is the anniversary of “the signing of the Council of Europe’s Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data in 1981.” [Source] The regulation that the council put in place is the General Data Protection Regulation (GDPR).
Data protection and cyber security can be overwhelming, even daunting; to many Small and Medium Enterprises (SMEs), adequate security can seem unattainable. On the contrary, every individual and business can take steps toward a strengthened security posture. The key word here is “steps”.
It’s a continuous, never-ending process. The first step is to change your perception of cyber threats.
We can no longer think…
- It will never happen to my company
- My company is a small-medium sized business and we’ll never get hacked
Think again.
These perceptions create easy prey for cyber criminals as perceptions dictate behavior.
These suggestions are a few steps to protect both personal data and privacy. Always remember that Data Protection ties directly to pathways within the cybersecurity landscape.
As a business owner or manager, what can you do to protect yourself?
- Create or review your Data Security Policy – this should be #1 on your policy roadmap.
- Change your system passwords.
- Ask your employees to change their passwords, even if it is not on your regular cycle (if you have one).
- If you don’t have a password policy, please create one.
- If you have a customer and/or partner portal, contact your customers and partners and have them verify the users and their access levels.
- This would be a great touch point for an Account Manager to reach out to existing customers and partners. Who knows, maybe they will drum up more business.
- Review your current security policies.
- What has changed within your business such that the policy should be updated?
- Make sure the current policy is relevant to your current business, customers’ requirements, and recent cyber threats.
- Remind your employees of security policies.
- Maybe hold a lunch and learn for an internal review.
- During that review ask them what ideas they may have on helping to enhance the organization’s security measures.
- If your team members are part of the security process, they will be more aware of protecting the business and customers’ information.
- Consider ways in which you can exhibit to your customers and partners that your business is serious about data privacy and protection.
- Set your company apart from the competition and add value to your brand by pursuing regulatory conformities that will give your customers and prospects the confidence in knowing that, to you, their information is a treasure to be protected.
- Evaluate your IT operations. I’m sure you are monitoring for availability and compute resources. You may be able to go further in securing the digital assets of your business.
- Are you also monitoring for security threats with a Security Information and Event Management (SIEM) system?
- Are you conducting periodic tests of your environment for possible vulnerabilities within your infrastructure, including remediation and re-tests?
- If you conduct business with European Union (EU) residents or companies with EU consumers, your business will need to adhere to the General Data Protection Regulation (GDPR), a new EU data privacy regulation.
- “The proposed new EU data protection regime extends the scope of the EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonization of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 4% of worldwide turnover.” [Source]
- This regulation will be enforceable on May 25, 2018.
Data breaches are an everyday occurrence, with no end in sight. Set some time aside today, or this week, to protect your personal and business information.
Unfortunately, none of us can be 100% protected from having our data compromised. However, we can mitigate our risk, be alert, and respond for a rapid recovery. If you would like help reviewing or improving your security, contact SCS to help with your security action plan.
About Secure Compliance Solutions LLC
Secure Compliance Solutions LLC (SCS) provides a wide range of cybersecurity consulting and managed security services to small and medium sized businesses (SMB) and government agencies, fortifying their Information Security and Data Privacy programs. SCS works with its clients to tailor and implement industry-proven frameworks and standards to meet compliance goals and drive consistent security operations. We raise awareness of current security trends and risks to prepare personnel to recognize and defend against potential security issues. We implement technical solutions and controls to minimize data risks and liabilities. Our Managed Security Service provides “constant watch” against both internal and external cyber threats and attacks. At SCS, we promote a strategy of readiness and resilience that facilitates business risk mitigation and enables dynamic response capabilities to keep your business up and running.