
U.S. Small Business Administration recommends the following best practices for education and cyber-prevention


  • Establish security practices and policies to protect sensitive information

  • Educate employees about cyberthreats and hold them accountable

  • Require employees to use strong passwords and to change them often

  • Employ best practices on payment cards

  • Make backup copies of important business data and information

  • Create a mobile device action plan

  • Protect all pages on your public-facing websites, not just the checkout and sign-up pages

The survey also found:

  • 65 percent of business owners admit they have been the victim of a cyberattack; computer virus attacks are the top type of attack reported at 33 percent, and phishing is number two at 29 percent.

  • 86 percent of business owners believe that digital risk will continue to grow.

  • 30 percent of companies with 11-50 employees do not provide any type of formal training on cybersecurity.

  • Despite the simplicity of regularly updating software, seven percent of companies still fail to take that step.

  • Reputational risk is among the top reasons (45 percent) why business owners would consider investing in or purchasing a cybersecurity policy.

  • 35 percent of business owners who have never experienced a cyberattack are unaware of the financial cost to recover, highlighting a dangerous gap in knowledge of the implications.


Government Regulations-Regulatory Compliance and Data Security


Any business that stores customer payment information must comply with a number of state and federal regulations. The legal, healthcare, and financial sectors have a number of laws tailored specifically for them (such as HIPAA or CISPA). If you run almost any kind of professional practice or agency, you probably have very specific data security requirements. Running afoul of these regulations puts you at risk of legal action and probably means that you have bad security in place.

As a professional, your focus needs to be on your clients and running your firm. Regulatory requirements to ensure data security can be complex and include rigorous testing requirements. Ensuring compliance with the regulations can be a serious distraction for you and take you into territory where your experience is limited.

One of the best solutions is to work with a third party who has strong credentials in the area of regulatory compliance and data security. When you are working with a third party to set up security or data storage, make sure that they have experience working in your industry. Finding a service provider with experience in your profession can give you peace of mind knowing that you can focus on running your business without the distraction of ongoing technology concerns.