If you had to list your company’s assets, a lot of tangible things come to mind. What about data? It may not occur to you that the most valuable things you own are virtual.
Companies of all sizes collect and store Personally Identifiable Information (PII) such as phone numbers, birth dates, and Social Security numbers. Some companies also possess proprietary reporting information that competitors would love to see. Others have entire databases of customer data. From a hacker’s perspective, it’s all the same: easy money.
Protecting your corporate data (and avoiding legal jeopardy) means understanding and adhering to data compliance rules. That could include federal regulations like the Information Privacy Law, international regulations like GDPR, industry-relevant standards like HIPAA or PCI, and your own internal guidelines.
It’s a maze that can overwhelm a small business owner. Where do you start?
Understand the Flow
It’s critical that you understand where data resides and how it flows in and out. For example, a local law firm was recently shocked to discover that employees were saving highly sensitive client records in an unsecured file sharing app. Asking the right questions can uncover potential problems before they damage your reputation and cost you money.
Identify the Rules & Create a Checklist
What is required in your jurisdiction and industry? Create a requirements checklist that your team can understand. Build policy and training around that checklist. Select hardware and software that make it easier – not harder – to stay in compliance.
Develop a Data Strategy that Prioritizes Security
Adopt a data strategy that streamlines the flow of sensitive information and prioritizes security, and follow best practices to prevent data theft.
Plan for the worst. What steps do you take if unauthorized access occurs? Does your procedure follow all regulatory guidelines? If data is lost or corrupted, do you have a backup and recovery strategy in place?
Choose the Right Partner
SMBs are resource-limited. Is your potential exposure small enough that you can act as your own Compliance Manager and Director of Information Security? If the answer is no, you need a partner you can trust to fill in the gaps.