THE ULTIMATE BUSINESS CYBERSECURITY CHECKLIST

A checklist of things you can do to be more prepared and take care of your customers.

PLUSCONSULTING.COM

INTRODUCTIONS ally Beauty Supply joined Anthem, Target,

and Premera in experiencing a data breach of its customer’s valuable data. In Sally’s case,

it’s the second time in about 15 months that this has happened to their organization. Since 2012, the United States government has been grappling with a cybersecurity bill that would protect the American consumer, but as of this time there is no federal law in place.

Forty-seven states, as well as the District of Columbia, have enacted security breach legislation. The problem is that not only does your business need to know the laws for your own state, but also in the state where your customers live. For instance, if your business is in Alabama, you do not operate under security breach laws. However, your customer in Montana has rights under their state’s law. It is increasingly complicated

to ensure that your business protects personal information.

Don’t think that because you aren’t an international brand that you aren’t at risk. Hackers take advantage of small businesses that don’t have the security and protocols in place to protect their customer’s data. Unfortunately, a big problem is that you may not discover the breach until much later. This is why you have to be prepared and stay on top of your cybersecurity. Here is a checklist of things you can do to be more prepared and take care of your customers.

BUSINESS CYBERSECURITY CHECKLIST

“Don’t think that because you aren’t an international brand that you aren’t at risk. Hackers take advantage of small businesses that don’t have the security and protocols in place to protect their customer’s data.“

2

MAKE SOMEONE RESPONSIBLE FOR SECURITY

A lthough you may be the CEO of the business, keeping up with cybersecurity issues as technology changes is a full-time job. You need a dedicated cybersecurity expert or organization who can help you

maintain privacy for your customers. It’s important to know the laws where you are doing business, and an IT specialist in this industry is a valuable resource.

There are a number of businesses that offer services for smaller businesses who need assistance but can’t afford a full-time IT in-house employee. The monthly fee to outsource this valuable protection is probably much less than what it will cost your business to clean up a breach.

In fact, the Ponemon Institute suggests it costs around:

$200 per record to fix an attack

BUSINESS CYBERSECURITY CHECKLIST 3

BUSINESS CYBERSECURITY CHECKLIST

W hich devices are your staff using? Every device that accesses

your system is a point of exposure to your company. Many employees know that they need to firewall their PC, but never think about their smartphone or tablet being a potential access point to hackers.

Don’t forget your Wi-Fi network or when your staff access your network through a public access point.

T here are a number of free software programs that offer

security, but many of these solutions are not effective for businesses. You need to make the investment in software that provides the level of protection that is vital for your customers.

One breach will not only be expensive to clean up, but you lose points in your reputation, which is more difficult to repair.

KNOW YOUR SOFTWARE

KNOW HOW YOUR EMPLOYEES WORK

4

HAVE A POLICY

Y our software only goes so far in protecting your business. You have to have a policy in place and

provide training to your staff.

Making sure that everyone understands how a cyberbreach will affect their own job is paramount to getting them on board.

Establish a policy as to who has access to which data. While you need an IT person who is directly responsible, cyber security is a concern for your entire staff.

UPDATE YOUR SOFTWARE

HAVE A RECOVERY PLAN

DON’T WAIT FOR REGULATIONS

S oftware updates are a pain. It takes time and may cost you money, but the software manufacturers improve security in these updates. Your IT person can help you stay on top of all the latest products, just make sure you set a budget aside for software and security.

W hen a breach does happen, your staff needs to know what to do. Although you may be tempted to investigate on your own, that could hinder forensics or make evidence unusable. You may need to work with your insurance provider to ensure you are following the best practices for the constraints of your

policy. Then, you need to figure out how you will notify customers and what you will tell them. Your business hinges on how well you can handle even the smallest breaches.

B e proactive and take steps to protect your company against a cyber-threat. If you’ve never thought about this before, it may seem overwhelming. However, if you stick your head in the sand and ignore it, you may be even more surprised when you get breached and get a bill for the clean-up.

BUSINESS CYBERSECURITY CHECKLIST 5

PLUSCONSULTING.COM

info@plusconsulting.com412-206-0160 /PlusConsulting_/PlusConsultingLLC