Cyber Security Planning Simplified*
Privacy and data breaches, security compromised, millions of dollars lost, businesses closed: you have heard the horror stories of why you need to be concerned. Most solutions can leave small business owners overwhelmed; however, there are practical ideas within reach for any organization.
Here are a few steps to get you started:
- Provide online cyber awareness training to your employees. Your greatest vulnerability is your people, not your equipment or software. There are several inexpensive or free resources available.
- Document the steps you are taking to protect your sensitive data. Cyber laws and regulations use very general terms. You need to show you have made a reasonable effort to protect the data in your possession.
- Inventory your equipment. Know which equipment holds or transmits sensitive data, and then categorize each piece as low, moderate or high sensitivity.
- Inventory who has access to sensitive data, and categorize this group too. This includes staff, management team, vendors, and software suppliers. Putting something in the “cloud” does not change your obligation. If you collected the data, the affected person and regulators are still going to look to you to be accountable if there is a breach.
- Change permissions so users have the lowest level of access needed to perform their job, and then increase permissions as necessary.
- Assign a point person to represent the company in the event of a cyber incident, and to monitor compliance with the cyber plan throughout the year.
- Implement a written cyber plan sooner rather than later, even though you may not be able to say you are fully compliant. Adopt the plan now, and work to become compliant with all the elements.
To help fund, organize, and implement a cyber program, consider a cyber liability policy from a company that offers many of these tools at a discount or at no cost. These would include items such as a pre-loss hotline to ask questions, risk management tools, checklists and sample plan documents, a cyber breach coach in the event of a cyber event, password management software, and access to cyber awareness training for your staff.
About the author – Mark D. Sammarone, CIC, CISR, is Executive Vice President/Agency Principal at Arthur Hall Insurance and the Chief Information Security Officer for the agency. Request a free Cyber Response Planning Tool Kit at firstname.lastname@example.org.
*This article appeared in the Nov/Dec 2019 edition of The Chamber Chatter, a Greater West Chester Chamber of Commerce news and information resource.