The Edge for June 2024
How do you protect your company, your customers and yourself from cyberthreats? We asked New Jersey Chamber of Commerce members who specialize in cybersecurity to share advice to help companies protect their data and limit their liability. Read more below.
Don’t Say ‘Breach.’ Say ‘Incident’ Until Proven Otherwise.
Get rid of data from 20 years ago. If you do need to keep data statutorily, in regard to employment or litigation records, keep it offline. The other thing that small business owners don’t think about is a lot of their equipment is leased, not owned. When you return that equipment with stored data, who is wiping (clean) that information? When you are traveling, don’t sync your phone with a rental car. You are feeding data into a vehicle that you don’t own or control. These are things you have to think about. You can’t just say, ‘I’m not just a small business owner. I’m not a target.’ Also, don’t say the ‘B’ word. Say ‘incident’ until proven otherwise. Don’t say breach. You need to make sure your employees know how to report. At our office, everybody has a handy 4x6 incident response card. If somebody clicks on something or somebody sees something that is funky or somebody’s computer shuts down on them, they know who to call. This allows us to get the team moving. A lot of the damage that happens in a breach happens in the first 24 hours. It’s critical to have a plan in advance. The day you have a compromise is not the day to say ‘what do I need to do?’
– Michelle A. Schaap, Chair, Tech, Privacy & Data Innovations, CSG Law
Name Somebody the ‘Superintendent of Risk’
Only collect what you need. If it doesn’t exist, it can’t hurt you. But once you have it, only allow access to what is essential to every user. You may collect 18 data elements. But a given user in your company may only need to see nine of them in order to do their job. Further, somebody has to be in charge. Somebody needs to be named the superintendent of risk so everybody knows these issues are being taken care of. A little bit of governance can go a long way.
– Tom Gregory, Senior Vice President, Head of Commercial & Government Product Sales, TD Bank
Ask Yourself: What Data Do You Actually Need?
Collecting data for your business is a necessity. We all know that. Most people don’t understand or identify who needs what data. Ask yourself and each of your department heads what data they actually need, where the data reside, what happens if the data gets breached, and what is the action plan if and when there is an incident. Also, phone fraud and phone scams are skyrocketing. When you need to verify something with someone, call them. Do not email or text. It’s very important to pick up the phone and call a known number.
– Kai Pfiester, Founder & CEO, Protexity
Reduce Your Footprint
Reduce your data footprint. Ensure that there are adequate backups. Data is king these days. Everybody wants more data and more inputs to help us analyze a situation. You need to identify what happens to this data and how you act to properly protect it.
– Will Shu, Chief Information Officer, Riverstrong