The first step in creating a data classification policy for any business is figuring out what kind of data you have. Your business may need more specific classifications depending on the data you handle, or it may require different names depending on who you serve (for example, a school serves students rather than customers), but the classifications listed below are a good place to start.
Let's face it, managing risk is a constantly changing game. Risks can be identified at any time and must be reviewed regularly, so how are you supposed to keep track of every single one? This is where a Risk Register can help change your game.
Risks must be documented in order to be managed; you can't manage what you can't measure. A Risk Register helps you keep track of all the risks to the business as they are identified and helps to make sure you don't forget about or lose anything in your risk management process.
So what's the next step after documenting the risk? Step 2 is making sure you truly understand the risk. What is the impact of that risk to the business? What is the likelihood of occurrence? Who's responsible for managing it? Without answering these questions, it's impossible to prioritize which risks need to be addressed first and decide how they should be addressed.
Lastly, once risks have all been documented, it's important to regularly review and re-assess the risks in your business. It is incredibly important to put the proper processes in place to review (at least quarterly) all the risks that your business has identified. Having all those risks centrally documented, described and prioritized in a Risk Register makes it a much simpler, repeatable process.
That's why we want to help you start a Risk Register for your business. We've created a ready-to-use Risk Register template for you to customize to your business. Use this template to help you:
- Identify risks
- Understand the impacts and likelihoods of those risks
- Manage risks over time
- Manage ownership of risks
- Prioritize risks and have an at-a-glance view of your current state!
As businesses store a greater amount of confidential information in digital form, the need for security practices and strategies has increased exponentially. While the headlines often focus on “the big guys,” the threat of cybercrime is still very real for small businesses, where security tends to be weaker than that of established firms. In fact, many high-profile breaches (e.g., Target and Home Depot) happened through a smaller business partner. The problem is that small businesses often lack the resources of their larger counterparts, which makes them an easier target for hackers.
Are you regularly using your computer in admin mode?
Microsoft has released eleven security updates in an effort to address vulnerabilities found in Microsoft Windows. These vulnerabilities could be hazardous to your personal information. Some of these vulnerabilities could allow unauthorized privileges, denial of service, disclosure of information, and even security feature bypass.
Apple released new security updates for OS X, iOS, Safari and Apple TV in an effort to address several potentially hazardous vulnerabilities which could allow an attacker to gain control of the affected system. To keep OS X and Safari up to date, follow the instructions on Apple’s website. For iPhones, iPads and Apple TVs, go to Settings and run updates from the “General” section.
Mozilla has released a new Security Update for Firefox. Firefox 37.0.1 was released to address two vulnerabilities, one of which may allow a remote attacker to conduct man-in-the-middle attacks, a type of attack where the attacker secretly relays (and possibly alters) the communication between two parties who believe they are directly communicating with each other.
A new federal data security bill that’s making its way through Congress provides an opportunity for SMBs to examine the way they handle client data. The newly introduced bill will affect businesses and many non-profits that store or collect personal information.
Does your business use email? The CAN-SPAM Act is a law that sets the rules for commercial email, gives the recipients the right to have you stop emailing them, establishes requirements for commercial messages, and issues tough penalties for violations.
Recently, cyber security experts have urged Fortune 100 companies to rethink their social media strategies after revealing that there was a widespread outbreak of unauthorized accounts, content-based threats and account theft taking place. On average, a firm has upwards of 330 accounts on various media platforms, and many of them were false or made up by hackers and scammers.