top of page

What are Some Steps Startups Should Take to Protect Their Data?

Data is your most valuable business asset…how well is your data protected?...your customer's / vendor's data?

In today’s complex world of cybersecurity threats, laws, and regulations that are ever-changing and ever-evolving, it’s nearly impossible to say you’re 100 percent compliant with all standards at all times.

  • If you have a Web Site…you are an international company!

  • 61% of data breaches directly affect small businesses.

  • Insurance companies increasingly require a copy of your security plan, emergency planning documents, business continuity plans, and security management plans that all can affect your rate.

Key Definitions

  • PII Personally Identifiable Information - Any information that can be used to distinguish one person from another.

  • Digital Asset – digital content, text, media...

  • Examples of Digital Assets - Business photos, business websites or blogs, business processes, applications/software, email, contact / client / customer lists, subscriptions to online journals, intellectual property (IP) [copyrighted material, trademarks service marks (i.e. your company's logo), patents], products in an online store.

  • Spoofing and Phishing - techniques used by scammers to mislead e-mail recipients. ... Spoofing is a technical measure used to change the apparent sender details on an e-mail, while phishing is an attempt to make the recipient hand over sensitive information such as log-in details.

  • Two Factor Authentication - security process in which the user provides two different authentication factors to verify themselves to better protect both the user's credentials and the resources the user can access.

Plan, Record, and Protect Your Business' Digital Content

  • Plan

  • Locate Digital Assets

  • List Digital Assets

  • Plan of Action and Milestones (POA&M) - A document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks, and scheduled completion dates for the milestones.

  • Emergency Planning Documents, Business Continuity Plans, and Security Management Plans

  • Record

  • Carefully identify and record each detail of each asset

  • Digital backup records

  • Protect

  • Non-Disclosure Agreements – every interaction, discussion, etc.

  • Every relationship / partnership /vendor etc. should have a written agreement

  • Training

  • Write clearly defined steps to take in an emergency: Web Site, Employee Handbook, Breakroom

  • Send email reminders of security best practices

  • Before and after holidays

  • After an incident

  • Send / put notes on paycheck

  • Copyright, Patent, Trademark

  • Backup

  • Backup 1 2 3 Rule

  • The 3-2-1 backup rule is an easy-to-remember acronym for a common approach to keeping your data safe in almost any failure scenario. The rule is: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.

  • Testing

  • Routinely test all communication channels

  • Routinely spot test staff’s responses to phishing

  • Security

  • Two Factor Authentication

  • Require Strong passwords 12 digit minimum at least

  • Up-to-date antivirus anti-malware software

  • SSL Certificates for Web Site Domains

  • Firewall Security for Your Internet Connection

  • Mobile Device Action Plan

  • Control Physical Access to Your Computers

  • Create User Accounts for Each Employee

  • Limit Employee Access to Data and Information, Limit Authority To Install Software

Information Resources

  • SBA https://www.sba.gov/business-guide/manage-your-business/small-business-cybersecurity

  • FCC https://www.fcc.gov/general/cybersecurity-small-business

  • Entrepreneur Magazine What Small Business Owners Need to Know About Cybersecurity https://www.entrepreneur.com/article/299387

  • Entrepreneur Magazine Biggest Cybersecurity Threats Facing Small Businesses Right Now https://www.entrepreneur.com/article/307749

  • Internet Security Alliance Free training materials, security configuration guides http://www.isalliance.org/

  • Microsoft Cybersecurity Tips and Technology for Small Businesses https://www.microsoft.com/en-us/store/b/microsoft-small-business

  • Small Business Solutions from StopBadware http://stopbadware.org/

  • U.S. Chamber of Commerce Internet Security Essentials for Businesses 2.0 https://www.uschamber.com/CybersecurityEssentials

  • FICO and U.S. Chamber of Commerce Assessment of Cyber Security Risk Report https://www.uschamber.com/cyber-abc/#/

Security and Data Management means having Emergency Planning / Business Continuity / Security Management Plans, Asset Records, routine Backups, antivirus anti-malware software, and much more…are you data assets protected?

Let IAS help…

We have built Security and Data Management solutions with Data, Security, and Risk frameworks, templates, and tools for businesses of all sizes, designed to be scalable for flexibility and offers a turn-key solution that will work seamlessly within your organization.

InfoAge Solutions (IAS) is a premier Business Technology Service Provider that works with organizations, hands-on, to identify and implement proven business practices, strategic frameworks, infrastructure processes, staff development, and leading-edge technology solutions.

https://www.infoagesolutions.net/contact

bottom of page