
5 Steps to Create a Cyber Security Plan for Your Business

From the moment your business opens its doors, you’ll want to make cyber security a leading priority. If not, you’re welcoming cyber criminals to enter your network and take valuable data hostage. As the digital economy becomes more mainstream, technology is changing fast and most businesses – small and large – can’t keep pace. With mobile technology on the rise, and the Internet of Things (IoT) and cloud computing changing the way corporations and employees connect to their networks and store data, the growing risk of cyber attacks is clear and will only increase. Just ask Equifax, HBO, and Blue Cross Blue Shield / Anthem. These large corporations are only a few of the hundreds of companies dealing with the consequences of being hacked just within the last year.

Customer and client information, personal files, and company financials are all examples of data that is impossible to replace if lost or stolen. It is also extremely dangerous if it is lost to hackers or becomes infected with malware. How IT and corporate management protect and manage data is vital to the security of a business and the privacy expectations of customers, employees and partners. IT support staff, like our dedicated team at Pinnacle Consulting Group, have the skills and tools to protect organizations from online threats. From managed services to vulnerability assessments and educational training, the resources are out there. To defend assets, a business must first create a plan to organize efforts and keep the organization in line with a clear cyber security strategy. It will take time, but the benefits of a thought-out and well-organized plan will be well worth the investment.

5 Cyber Plan Action Items

  1. Identify the inventory. To protect your organization, you must know what you have that’s worth protecting. Businesses will have all kinds of data, some of which is more valuable and sensitive than others. However, all data that is kept has some value to someone; from customer data, to employee information, and proprietary and sensitive business information. Once you’ve identified and prioritized the inventory, IT and corporate managers need to answer the following questions:
    • How is the data being protected? Valuable business-related data is handled daily by employees for market research, contacting customers, and even shared with third-party partners or vendors. As data is moved from one network and device to another, the risk of a breach increases with each move.
      A set of guidelines detailing how data should be handled, validated and protected should be put in place before any transaction is made. This will help prevent a breach between data transfers.
    • Who has access to the data and under what circumstances? Not every employee needs access to all the same information. Your marketing employees don’t need payroll information and your administrative staff does not need access to customer information. Your IT team should be responsible for creating lists that state which employees and partners have access to specific data, under what circumstances, and how that data is transferred and managed.
  2. Protect what’s valuable. Once an organization has identified what is valuable, it needs to create a course of action to protect that data. This involves everything from patching systems to, most importantly, implementing a privacy policy.
     Customers expect that their data is a company’s top priority. Making a pledge to them to maintain their trust greatly impacts not only your relationships but profitability. When creating a privacy policy, start with a clear statement which provides detail about the information being collected from customers (email addresses, browsing history, full names, etc.) and how it will be used and stored.
     Should a breach occur, you will be held accountable for the claims that are written out within the corporate policy. For that reason, it’s important to be thorough while creating the document, and make it easily accessible on your website for third parties to view. Additionally, employees must be familiar with the legal actions associated with the policy and understand how it impacts their daily workflow with valuable data.
  3. Know what information is collected online. A company’s website is a great place to collect information – from newsletter signups and whitepaper downloads to browsing history. Therefore, it is often the first spot cyber attackers seek to invade.
     Today, companies have two options when protecting their website servers. They can host their own site or they can have support from a third-party web hosting company. If your company is managing its own server, all actions listed above must be taken to maintain tight security with all data. If your organization collects data through a website hosted by a third party, it’s crucial to understand and set standards for how that third party is protecting the information from hackers, outside sources, as well as employees of that hosting company.
  4. Create multiple layers of security. Don’t rely on one security mechanism to protect all data. When protecting information, the more layers the better. If your security mechanism fails, you want to make sure you have another layer close behind.
     Passwords are common forms of authentication used to protect sensitive data. While these codes should be as strong as possible (a mix of numbers, letters, and symbols) and changed regularly, they may not always be enough. Consider a two-factor authentication approach when developing your cyber plan. This method may include a combination of a password with another verification method, such as a dynamic personal identification number (PIN). Additionally, encryption is another essential data protection technology available, and affordable, for even the smallest businesses.
  5. Be prepared for an attack. Data loss can expose a business to significant and costly consequences, including damage to brand and customer trust, litigation, and breaches of state and federal regulations that cover data protection and privacy. That’s why it’s important to be prepared for the unexpected.
     All employees, third-party partners, and contractors should be aware of how data and security breach regulations directly impact the business and how to respond to them. At a minimum, employees must understand the signs of loss or theft, and know who to report a problem to so that it can be handled immediately. By being prepared for an attack, companies and their employees can act rapidly and provide coordinated responses.

Our IT staff is here to help! For more information about creating a cyber security plan for your business, call Pinnacle Consulting Group at 973-890-1111 or visit Pinnacle Smart. To learn about our education courses and services that can assist you during this process visit Pinnacle Center for Professional Development.