Check out Danielle’s related post for individuals and families.
January 28th is Data Protection Day in the United States and Europe. The celebration of this day is the anniversary of “the signing of the Council of Europe’s Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data in 1981.” [Source] The regulation that the council put in place is the General Data Protection Regulation (GDPR).
Data protection and cyber security can be overwhelming, even daunting; to many Small and Medium Enterprises (SMEs), adequate security can seem unattainable. On the contrary, every individual and business can take steps toward a strengthened security posture. The key word here is “steps”.
It’s a continuous, never-ending process. The first step is to change your perception of cyber threats.
We can no longer think…
- It will never happen to my company
- My company is a small-medium sized business and we’ll never get hacked
Think again.
These perceptions create easy prey for cyber criminals as perceptions dictate behavior.
These suggestions are a few steps to protect both personal data and privacy. Always remember that Data Protection ties directly to pathways within the cybersecurity landscape.
As a business owner or manager, what can you do to protect yourself?
- Create or review your Data Security Policy – this should be #1 on your policy roadmap.
- Change your system passwords.
- Ask your employees to change their passwords, even if it is not on your regular cycle (if you have one).
- If you don’t have a password policy, please create one.
- If you have a customer and/or partner portal, contact them and have them verify the users and their access levels.
  - This would be a great touch point for an Account Manager to reach out to existing customers and partners. Who knows, maybe they will drum up more business.
- Review your current security policies.
  - What has changed within your business such that the policy should be updated?
  - Make sure the current policy is relevant to your current business, customers’ requirements, and recent cyber threats.
- Remind your employees of security policies.
  - Maybe hold a lunch and learn for an internal review.
  - During that review ask them what ideas they may have on helping to enhance the organization’s security measures.
  - If your team members are part of the security process, they will be more aware of protecting the business and customers’ information.
- Consider ways in which you can exhibit to your customers and partners that your business is serious about data privacy and protection.
  - Set your company apart from the competition and add value to your brand by pursuing regulatory conformities that will give your customers and prospects the confidence in knowing that, to you, their information is a treasure to be protected.
- Evaluate your IT operations. I’m sure you are monitoring for availability and compute resources. You may be able to go further in securing the digital assets of your business.
  - Are you also monitoring for security threats with a Security Information and Event Management (SIEM) system?
  - Are you conducting periodic tests of your environment for possible vulnerabilities within your infrastructure, including remediation and re-tests?
- If you conduct business with European Union (EU) residents or companies with EU consumers, your business will need to adhere to the General Data Protection Regulation (GDPR), a new EU data privacy regulation.
  - “The proposed new EU data protection regime extends the scope of the EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonization of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 4% of worldwide turnover.” [Source]
  - This regulation will be enforceable on May 25, 2018.
Data breaches are an everyday occurrence, with no end in sight. Set some time aside today, or this week, to protect your personal and business information.
Unfortunately, none of us can be 100% protected from having our data compromised. However, we can mitigate our risk, be alert, and respond for a rapid recovery. If you would like help reviewing or improving your security, contact SCS to help with your security action plan.
About Secure Compliance Solutions LLC
Secure Compliance Solutions LLC (SCS) provides a wide range of cybersecurity consulting and managed security services to small and medium-sized businesses (SMB) and government agencies, fortifying their Information Security and Data Privacy programs. SCS works with its clients to tailor and implement industry-proven frameworks and standards to meet compliance goals and drive consistent security operations. We raise awareness of current security trends and risks to prepare personnel to recognize and defend against potential security issues. We implement technical solutions and controls to minimize data risks and liabilities. Our Managed Security Service provides “constant watch” against both internal and external cyber threats and attacks. At SCS, we promote a strategy of readiness and resilience that facilitates business risk mitigation and enables dynamic response capabilities to keep your business up and running.