Every day in the news, we hear about data breaches. Are you concerned
your sensitive business, customer and supplier data is not protected?
STEP 1: DATA OWNER
Someone in your organization needs to determine how valuable the data you want to protect is. In the
cybersecurity business, we call that person a data owner.
The data owner could be the inventor who created your secret sauce, your CEO who devised your unique business
strategy, or the customers who depend on your services.
Not all data needs protection. The data owner can be called upon to determine which data to protect, how sensitive
it is, who can access and use it, and how severe or critical the impact is if it is lost or stolen.
It’s easy to say that your payroll data is critical for your business, but what about the age of your equipment and warranty
schedule? It may not seem critical until you need to replace the equipment or ask the manufacturer to repair it. The business/data
owner can help you decide how “critical” the various data elements you need to protect are.
STEP 2: DEVICE MANAGEMENT
Data protection can include protecting the data by preventing access to the device (via passwords or other authentication
methods) even while it is stored on a laptop or memory device. Ensure that any critical data stored on a removable device
(memory stick, disk, hard drive, laptop, tape) is password protected. These devices and the data that resides on them can
be easily stolen and compromised. If the device is password protected, it will be harder to gain access to the data stored.
STEP 3: CYBER SAFE BUSINESS PRACTICES
Simple cyber safe business practices can help protect your data. Your employees are often your best defense in protecting
your data. They know the ins and outs of your business, when deliveries are made, who the suppliers are, who your critical
customers are, profit and loss data and many more unique business facts. Don’t let that information get leaked, stolen or
posted on social media.
STEP 4: HARDWARE AND SOFTWARE
Data protection is also about protecting the devices you use to store, manage and track your data. Here are some simple
tips to prevent data loss.
- Hardware and software inventory life cycle status – do you know if your equipment is still supported by the manufacturer?
Have you downloaded the latest updates? Does the vendor still support the applications you are using for your business?
It is important to know where you stand in your inventory life cycle and whether it might be time to update your hardware
and software. This is one of the most overlooked cyber safe practices, and criminals often use that gap to gain access to your data.
- Conduct regular maintenance and run virus scans. Learn how to run a system utility that can diagnose your system for
problems. These utilities can prevent little problems from becoming big problems, and will keep you in business.
STEP 5: BACKUPS
Before you make changes to critical data, always make a duplicate. Even if you just made a backup yesterday, make another
and label it. If you or your employees create a backup on a removable drive, have the drive or memory device password
STEP 6: OFF-SITE STORAGE
You may never have thought about it, but what happens if there is a fire at your facility and your only backup was on-site
and was lost in the fire? Keep a copy of your critical data offsite. If you use a managed service provider to store your data and
applications, ensure that they provide you the ability to recover your data if it is compromised at their site. Know what is in the
fine print before you sign the agreement. If they don’t provide a guarantee, find another provider. One service
provider may not be enough: depending on your needs for recovery, you might need another provider in another region of the
country to ensure your data is backed up.
Did you know…
Here is a set of cyber safe business practices that you can easily implement:
- Advise employees to routinely save their work. It sounds simple, but hours of work could be lost if they don’t think to stop
- Never open email attachments by habit or click on links unless it is a secure site and you know where the email
- Never allow employees to use memory sticks or disks from someone outside the company, unless someone has
scanned them first for viruses.
- Keep your business operations private and instruct your employees about what can and cannot be posted on social
media. Adversaries can use facts posted on public sites to conduct social engineering scams to trick your employees and
compromise your operations.
- Advise your employees to keep their passwords safe and secure and use our guide on how to create secure passwords.
©2018 National Cybersecurity Society, All Rights Reserved
About The National Cybersecurity Society
The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education, awareness
and advocacy to small businesses. The NCSS provides cybersecurity education tailored to the needs of the small business
owner; helps small businesses assess their cybersecurity risk; distributes threat information to business owners so that they
will be more knowledgeable about the threats facing their business; and provides advice on the type of services needed to
stay safe online.