7 tips to protect your new venture
Read
New business ideas are hatching every day. Whether you’re capitalizing on the Green Movement with a new solar-powered motorcycle or marketing the Fountain of Youth to aging baby boomers, starting a new venture brings both opportunity and risk.
One important risk area many entrepreneurs neglect is the risk to your data. Did you know that a business can be held responsible for identity theft if you don’t protect your clients’ sensitive personal information? This is no small matter: the chance of a data breach increases every day; the risks to your financial well-being and your reputation are enormous.
What should an entrepreneur do to protect your data at this very delicate stage of the business lifecycle? Here are some important tips for new businesses…and existing ones.
- When you design your network, you’ll want to provide remote access. But make sure to protect sensitive data. Your network should be protected with firewalls. Publicly accessed servers should be segregated from the internal network. If you are planning to use a wireless access, take additional steps to protect this access point.
- Install anti-virus software and update it regularly. New viruses crop up daily – old software won’t protect you.
- Implement a business continuity plan that takes into consideration business process priorities, maximum allowable downtime and cost associated with downtime.
- Implement physical security devices (e.g. cameras, card readers). If your hardware leaves the building, your data goes with it!
- Require strong passwords, and mandate frequent changes. If staff will be using laptops outside the office, consider hard drive passwords that protect your data even if the hard drive is removed.
- Develop and implement an Information Security Policy. Make sure your employees are trained on the policy. Include:
- policy maintenance
- asset management (including information handling)
- physical and environmental security
- communications and operations management
- access control
- information systems acquisition
- development and maintenance (including vulnerability management)
- information security incident management
- business continuity management, and
- compliance with legal requirements.
- Outsource services that support your business but are not core to your organization. These include IT support, email messaging, on-line back-ups, and more. These disciplines change rapidly, so using outside professionals is the safest choice. But perform the proper due diligence to engage the right vendor. Review audited financial statements, service delivery capability, internal controls and security (e.g. SAS 70) and insurance. Ask for references, and check them.
On yearly basis, review regulatory requirements and verify that your policies address them. Make sure your procedures are updated as changes in your business occur. Verify internal compliance with your policies and monitor third party vendors. And train your employees — the new ones as they join you, and the existing ones annually!
Jorge Rey, CISA, CISM, is a Cybersecurity & Compliance Principal at Kaufman Rossin, one of the Top 100 CPA and advisory firms in the U.S.