What kind of data do you have in your business?

Cyber Security Planning Guide by FCC and Cyber Defense Partners

Customer and client information, payment information, personal files, bank account details – all of this information is often impossible replace if lost and dangerous in the hands of criminals.
Data lost due to disasters such as a flood or fire is devastating, but losing it to hackers or a malware infection can have far greater consequences.

Remember, criminals can’t steal what you don’t have.

10 practical lessons businesses can learn from the FTC’s 50+ data security settlements.
Data breaches are in the headlines and on your mind. The consequences could be disastrous. Some good news– there are plenty of steps you can take to protect your company’s data.

Cyber Plan Action Items:

1. Conduct an inventory to help you answer the following questions:

Who has access to that data and under what circumstances?

Not every employee needs access to all of your information. Your marketing staff shouldn’t need or be allowed to view employee payroll data and your administrative staff may not need access to all your customer information. When you do an inventory of your data and you know exactly what data you have and where it’s kept, it is important to then assign access rights to that data. Doing so simply means creating a list of the specific employees, partners or contractors who have access to specific data, under what circumstances, and how those access privileges will be managed and tracked.

Your business could have a variety of data, of varying value, including:

  • Customer sales records
  • Customer credit card transactions
  • Customer mailing and email lists
  • Customer support information
  • Customer warranty information
  • Patient health or medical records
  • Employee payroll records
  • Employee email lists
  • Employee health and medical records
  • Business and personal financial records
  • Marketing plans
  • Business leads and enquiries
  • Product design and development plans
  • Legal, tax and financial correspondence

How is that data handled and protected?

Security experts are fond of saying that data is most at risk when it’s on the move. If all your business-related data resided on a single computer or server that is not connected to the Internet, and never left that computer, it would probably be very easy to protect. But most businesses need data to be moved and used throughout the company. To be meaningful data must be accessed and used by employees, analyzed and researched for marketing purposes, used to contact customers, and even shared with key partners. Every time data moves, it can be exposed to different dangers. As a small business owner, you should have a straightforward plan and policy – a set of guidelines, if you like – about how each type of data should be handled, validated and protected based on where it is traveling and who will be using it.

Read full Cyber disaster recovery plan from FCC here: https://transition.fcc.gov/cyber/cyberplanner.pdf

Cyber Security Resources

  • Center for Internet Security (CIS): www.cisecurity.org
    Free online security check ups: http://www.staysafeonline.org/stay-safe-online/free-security-check-ups
  • National Cyber Security Alliance for Small Business Home Users: http://www.staysafeonline.org
  • OnGuard Online: www.OnGuardOnline.gov
  • Cyber Safety Links for High School Studentshttp://blackboard.aacps.org/portal/lor/obj/mods/4students/HSCybrSfty/addlinks.pdf

  • NIH Free Online User Training (non DOD version):http://irtsectraining.nih.gov/publicUser.aspx
  • FCC Cyber Security Encyclopedia Pagehttp://www.fcc.gov/cyberforsmallbiz
  • Federal Trade Commission – Identity Theft Information:http://www.onguardonline.gov/topics/computer-security.aspx
  • Federal Trade Commission’s Interactive Tutorial:www.ftc.gov/infosecurity
  • 10 practical lessons businesses can learn from the FTC’s 50+ data security settlements.
    https://www.ftc.gov/tips-advice/business-center/privacy-and-security/data-security

    Click to access pdf0205-startwithsecurity.pdf

  • Learn more about this subject on the FTC’s website: ftc.gov/tips-advice/business-center/guidance/start-security-guide-business