Cybersecurity: Protecting Sensitive Data

By Christopher Moschella, CPA, CISA, Risk Advisory Services Senior Manager

Not all data is created equal. The cat pictures your coworkers email around are not nearly as important as your customer data, accounting records, and intellectual property. Critical data should receive commensurate levels of protection.


Just as with your cyber-doors and cyber-windows, step one is to inventory your critical data and determine where it is located. Step two is to protect it. The type of protection needed is going to depend on the type of data and where it is located.

For example, if you use a web-based customer relationship management application to manage your customer data, your provider may deliver most of the protections you need.  But if you are self-hosting, then you will want to ensure the database is backed up.

Personal information, such as Social Security numbers, might be saved in an encrypted file, so that even if the data were stolen, it would be useless to the thief and you would have a much better story to tell your customers. If you store credit card data or health data, then there are specific requirements that you must follow, namely PCI and HIPAA, respectively.

Actionable Steps

  • In policy, assign responsibility for maintaining an inventory of system access.
  • At a minimum, require that access to sensitive systems or sensitive transactions be approved, formally or informally, by an organizational leader.
  • Periodically review the access lists to verify access is appropriate.

The content in this article covers just one aspect that small to mid-size businesses need to address for Cybersecurity. Download the entire whitepaper below to access additional Cybersecurity suggestions.

Download Whitepaper


About the Author


Chris is a Senior Manager in Keiter’s Risk Advisory Services. Chris has a strong combination of IT skills, which range from IT audit and internal control assessments, including general computer controls and application controls, to full stack web development. Most recently, Chris developed a Cybersecurity web application that assesses an organization’s resistance to social engineering attacks. Chris shares his cybersecurity insights on our blog.

The information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.
