Data & compliance 101 for businesses…where to start?


On top of the many responsibilities that business owners and managers have traditionally held, they now face a growing challenge: complying with regulations and laws that require them to protect their company’s data.

Understandably, this new responsibility has been embraced with little enthusiasm by business owners and operators as it takes away from more pressing tasks, not the least of which is generating revenue for their companies.

With so many organizations now relying on cloud services, keeping consumer data protected has become a worrisome priority. Data breaches are routinely reported by the media, which has raised awareness of them and, with it, consumers’ concerns about whether their personal information is being kept safe.

In a Feb 2021 study by Startpage of frequent internet users – and who isn’t these days – 72 percent of the respondents say they are either “very concerned or extremely concerned” about the privacy of their data. Yet they continue to regularly share their information online and do little or nothing to protect it.

Clearly, most people expect that someone else, namely the companies they deal with, is covering that base. So do many state and federal agencies.

While there isn’t a comprehensive federal law governing data privacy in the US, there are a growing number of data privacy and security laws among the states. For instance, in 2018, the California Consumer Privacy Act (CCPA) was signed into law, and it provides broader consumer rights for keeping data safe from unauthorized use and cybertheft. More recently, Virginia signed into law a Consumer Data Protection Act (CDPA), while New York will implement its SHIELD Act. Both create greater data security requirements for companies that collect personal information on their residents.

So, where does this leave business operators who want to comply with regulations and are looking for where to start?

  • Take a complete inventory of your IT systems, including workstations and cloud infrastructure, and update it regularly.
  • Inspect all data stores:
    • Classify data along with the regulations that apply to it, such as those from the Payment Card Industry (PCI), the General Data Protection Regulation (GDPR) and the CCPA, as well as others
    • Encrypt sensitive information using commonly available database tools
  • Audit administrative access on a regular basis (set a reminder) and limit that role to only those who absolutely require it.
  • Set a password policy, including minimum complexity and reset duration, and implement multi-factor authentication.
  • Secure workstations with antivirus software in order to reduce cyberattacks.
  • Most important, continuously train anyone who works on a computer so as to create an understanding of the importance of cybersecurity and what to look for in suspicious activity.

Without question, it takes teamwork and planning to build a solid fortress around your company’s data, protecting it from domestic and foreign attacks.

However, your investment of resources is well placed because, after consumers’ loyalty and patronage, their data is the most valuable corporate asset for any business.

Lose the latter and you will have lost both!

Should you have questions about anything related to cybersecurity, feel free to contact PrettyFluid Technologies. We have a team of seasoned professionals who can work in tandem with your IT department to meet and exceed compliance standards and protect your company with one-stop security solutions without disrupting business and profitability.