Small Business Guide to Information Security
4 Simple Steps To Protecting You & Your Customers
Evaluate, Remove, Prevent, Dispose
Step 1: Evaluate Your Company’s Assets & Identify Sensitive Information
Develop a list of physical and digital assets located within each room of your company
*Don’t forget storage, equipment, software & networks for each room
Treat each digital device as an “office room”
Take inventory of all personal and sensitive information stored or transmitted through these devices.
Answer the following questions for each piece of office equipment:
Step 1: Evaluate. Information Security Questionnaire – Digital Asset Evaluation
Step 2: Remove All identified security threats & unsecure practices
Review your physical & digital asset log to identify sensitive data you do NOT need
Only request sensitive data on the LAST step of transactions
*Financial data should only be requested for processing payment or tax documents.
NEVER include the expiration date or more than 5 digits on a sales receipt
All online transactions or sharing of sensitive data should be done over a Secure Sockets Layer (SSL) connection
*See final slide of Small Business Guide for secure payroll and ecommerce software
Step 3: Prevent Future Security Breaches by Addressing Digital Security
Take inventory of new IT equipment that collects sensitive data
*Log each VIN # and check it periodically to ensure it has not been switched
Identify all connections to computers, servers & IT equipment that may contain sensitive data
*iPhones, Dropbox accounts, online fax storage, digital copiers, etc.
Do NOT email sensitive data; use an online fax service
*Faxing is the most secure way to transfer sensitive information, although fax machines are built with an internal hard drive that is often hacked when a company disposes of it.
Use a Password Management Service
Don’t store sensitive data on electronic devices that are easily stolen or lost
*If needed, use an online backup service with an encryption & auto-destroy function
Step 3: Prevent Future Security Breaches by Addressing Physical Security
Define employee guidelines, responsibilities & restrictions at new-employee hire & in the company handbook.
Make sure your employees log off their computers and lock all cabinet doors prior to leaving each day.
Lock all file cabinets with sensitive information & start a “sign in/out” system each time they are accessed.
*This should be true of off-site storage facilities as well.
Step 4: Dispose Of any and ALL sensitive information
Make shredders available throughout the office, especially around mail areas, copy or fax machines
*Do not create a “To Be Shredded” box; this will only increase your risk
Erase electronic devices COMPLETELY before removal.
*There are software options available to clean all electronics periodically or wipe completely
Mail centers and fax machines should be placed in a private area, AWAY from foot traffic
*According to a GFI study, 49% of employees claimed to have seen a paper fax that was not intended for them
Security Software Recommendations
Secure Online Shopping & Payroll
• Intuit GoPayment
• Intuit Online Payroll
Password Management
• Lastpass
• Dashlane
Secure Online Backup
• iDrive
• Carbonite Online Backup
External Hard Drive with “Auto Destroy” Feature
• Apricorn Aegis Padlock 1 TB USB 3.0 256-bit AES XTS Hardware Encrypted Portable External Hard Drive
• Apricorn Aegis Padlock 500 GB USB 2.0 256-bit Encrypted Portable External Hard Drive
• Apricorn Aegis Secure Key FIPS Validated 16 GB USB 2.0 256-bit AES-CBC Encrypted Flash Drive
Security Software for Portable Electronics
• LoJack for Laptops
Secure Online Fax Plans
• MetroFax Essential
• Nextiva Single User
• eFax – eFax Plus
Sources
ChooseWhat.com would like to thank the following websites for their help in developing this information security guide.
• http://business.ftc.gov/documents/bus75-medical-identity-theft-faq-health-care-health-plan
• business.ftc.gov/privacy-and-security
• David of FindAFax.com
• www.OnGuardOnline.gov
• Electronic Code of Federal Regulations
• http://business.ftc.gov/documents/bus69-protecting-personal-information-guide-business
• http://www.sba.gov/category/navigation-structure/starting-managing-business/managing-business/business-guides-industry
• http://business.ftc.gov/privacy-and-security/data-security
A detailed version of this guide is available here:
http://www.choosewhat.com/starticles/small-business-security-essentials
Sharing is Caring!!
Brought to you by:

More Related Content

What's hot

10. hddn-datalekaje-hs-01
10. hddn-datalekaje-hs-0110. hddn-datalekaje-hs-01
10. hddn-datalekaje-hs-01Hans W. Flisnes
 
Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmware
Nitesh Malviya
 
Null mumbai-iot top 10
Null mumbai-iot top 10Null mumbai-iot top 10
Null mumbai-iot top 10
Nitesh Malviya
 
Sophos Mobile Control - Product Overview
Sophos Mobile Control - Product OverviewSophos Mobile Control - Product Overview
Sophos Mobile Control - Product Overview
Sophos
 
Andy Blumenthal Talks About Mobility Solutions
Andy Blumenthal Talks About Mobility SolutionsAndy Blumenthal Talks About Mobility Solutions
Andy Blumenthal Talks About Mobility SolutionsAndy (Avraham) Blumenthal
 
UniQ-ID Identity and Access Management
UniQ-ID Identity and Access ManagementUniQ-ID Identity and Access Management
UniQ-ID Identity and Access Management
Frans Bolk
 
DSS ITSEC 2013 Conference 07.11.2013 - HeadTechnology - IT security trends 2014
DSS ITSEC 2013 Conference 07.11.2013  - HeadTechnology - IT security trends 2014DSS ITSEC 2013 Conference 07.11.2013  - HeadTechnology - IT security trends 2014
DSS ITSEC 2013 Conference 07.11.2013 - HeadTechnology - IT security trends 2014
Andris Soroka
 
ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases
ISC(2) Security Briefing Part 2 - CASBs: Real-world use casesISC(2) Security Briefing Part 2 - CASBs: Real-world use cases
ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases
Bitglass
 
IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practice
team-WIBU
 
Get the Most From Your Firewall
Get the Most From Your FirewallGet the Most From Your Firewall
Get the Most From Your Firewall
Sophos
 
The security story behind critical industrial networks
The security story behind critical industrial networks The security story behind critical industrial networks
The security story behind critical industrial networks
odix (ODI LTD)
 
Cyber Security Overview for Small Businesses
Cyber Security Overview for Small BusinessesCyber Security Overview for Small Businesses
Cyber Security Overview for Small Businesses
Charles Cline
 
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
IBM Security
 
odix introduction ransomware prevention in WFH reality 2020
odix introduction ransomware prevention in WFH reality 2020odix introduction ransomware prevention in WFH reality 2020
odix introduction ransomware prevention in WFH reality 2020
odix (ODI LTD)
 
Internet of Things Security Risks for Businesses
Internet of Things Security Risks for BusinessesInternet of Things Security Risks for Businesses
Internet of Things Security Risks for Businesses
Mike Ryan
 
Next-Generation Cybersecurity for the Globally Connected Enterprise with Telos
Next-Generation Cybersecurity for the Globally Connected Enterprise with TelosNext-Generation Cybersecurity for the Globally Connected Enterprise with Telos
Next-Generation Cybersecurity for the Globally Connected Enterprise with TelosAmazon Web Services
 
Iot security
Iot securityIot security
mobile application security
mobile application securitymobile application security
mobile application security
-jyothish kumar sirigidi
 
Wireless security toai vm
Wireless security toai vmWireless security toai vm
Wireless security toai vm
Kitaro Lee
 
Web App Sec Tisc
Web App Sec TiscWeb App Sec Tisc
Web App Sec TiscAung Khant
 

What's hot (20)

10. hddn-datalekaje-hs-01
10. hddn-datalekaje-hs-0110. hddn-datalekaje-hs-01
10. hddn-datalekaje-hs-01
 
Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmware
 
Null mumbai-iot top 10
Null mumbai-iot top 10Null mumbai-iot top 10
Null mumbai-iot top 10
 
Sophos Mobile Control - Product Overview
Sophos Mobile Control - Product OverviewSophos Mobile Control - Product Overview
Sophos Mobile Control - Product Overview
 
Andy Blumenthal Talks About Mobility Solutions
Andy Blumenthal Talks About Mobility SolutionsAndy Blumenthal Talks About Mobility Solutions
Andy Blumenthal Talks About Mobility Solutions
 
UniQ-ID Identity and Access Management
UniQ-ID Identity and Access ManagementUniQ-ID Identity and Access Management
UniQ-ID Identity and Access Management
 
DSS ITSEC 2013 Conference 07.11.2013 - HeadTechnology - IT security trends 2014
DSS ITSEC 2013 Conference 07.11.2013  - HeadTechnology - IT security trends 2014DSS ITSEC 2013 Conference 07.11.2013  - HeadTechnology - IT security trends 2014
DSS ITSEC 2013 Conference 07.11.2013 - HeadTechnology - IT security trends 2014
 
ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases
ISC(2) Security Briefing Part 2 - CASBs: Real-world use casesISC(2) Security Briefing Part 2 - CASBs: Real-world use cases
ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases
 
IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practice
 
Get the Most From Your Firewall
Get the Most From Your FirewallGet the Most From Your Firewall
Get the Most From Your Firewall
 
The security story behind critical industrial networks
The security story behind critical industrial networks The security story behind critical industrial networks
The security story behind critical industrial networks
 
Cyber Security Overview for Small Businesses
Cyber Security Overview for Small BusinessesCyber Security Overview for Small Businesses
Cyber Security Overview for Small Businesses
 
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
 
odix introduction ransomware prevention in WFH reality 2020
odix introduction ransomware prevention in WFH reality 2020odix introduction ransomware prevention in WFH reality 2020
odix introduction ransomware prevention in WFH reality 2020
 
Internet of Things Security Risks for Businesses
Internet of Things Security Risks for BusinessesInternet of Things Security Risks for Businesses
Internet of Things Security Risks for Businesses
 
Next-Generation Cybersecurity for the Globally Connected Enterprise with Telos
Next-Generation Cybersecurity for the Globally Connected Enterprise with TelosNext-Generation Cybersecurity for the Globally Connected Enterprise with Telos
Next-Generation Cybersecurity for the Globally Connected Enterprise with Telos
 
Iot security
Iot securityIot security
Iot security
 
mobile application security
mobile application securitymobile application security
mobile application security
 
Wireless security toai vm
Wireless security toai vmWireless security toai vm
Wireless security toai vm
 
Web App Sec Tisc
Web App Sec TiscWeb App Sec Tisc
Web App Sec Tisc
 

Viewers also liked

Information Security For Small Business
Information Security For Small BusinessInformation Security For Small Business
Information Security For Small Business
Julius Clark, CISSP, CISA
 
Proses Akumulasi Indonesia
Proses Akumulasi IndonesiaProses Akumulasi Indonesia
Proses Akumulasi Indonesiajahenfr
 
Business information security requirements
Business information security requirementsBusiness information security requirements
Business information security requirements
gurneyhal
 
Information security
Information securityInformation security
Information security
Vijayananda Mohire
 
Information Security Business Middle East 2011
Information Security Business   Middle East 2011Information Security Business   Middle East 2011
Information Security Business Middle East 2011
Arjun V
 
Management information System and its types
Management information System and its typesManagement information System and its types
Management information System and its types
Abdul Rehman
 
Sistem Biaya dan Akumulasi Biaya
Sistem Biaya dan Akumulasi Biaya Sistem Biaya dan Akumulasi Biaya
Sistem Biaya dan Akumulasi Biaya
Mandiri Sekuritas
 
Types o f information systems
Types o f information systemsTypes o f information systems
Types o f information systems
Bimbashree K.G
 
Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)
Narudom Roongsiriwong, CISSP
 

Viewers also liked (10)

Information Security For Small Business
Information Security For Small BusinessInformation Security For Small Business
Information Security For Small Business
 
Proses Akumulasi Indonesia
Proses Akumulasi IndonesiaProses Akumulasi Indonesia
Proses Akumulasi Indonesia
 
Business information security requirements
Business information security requirementsBusiness information security requirements
Business information security requirements
 
Information security
Information securityInformation security
Information security
 
Information Security Business Middle East 2011
Information Security Business   Middle East 2011Information Security Business   Middle East 2011
Information Security Business Middle East 2011
 
Information security for small business
Information security for small businessInformation security for small business
Information security for small business
 
Management information System and its types
Management information System and its typesManagement information System and its types
Management information System and its types
 
Sistem Biaya dan Akumulasi Biaya
Sistem Biaya dan Akumulasi Biaya Sistem Biaya dan Akumulasi Biaya
Sistem Biaya dan Akumulasi Biaya
 
Types o f information systems
Types o f information systemsTypes o f information systems
Types o f information systems
 
Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)
 

Similar to Small Business Guide to Information Security

Harbin clinic iot-mobile-no-vid
Harbin clinic iot-mobile-no-vidHarbin clinic iot-mobile-no-vid
Harbin clinic iot-mobile-no-vid
Ernest Staats
 
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecurityLock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
SmartCompliance
 
Essential Layers of IBM i Security: Physical Security
Essential Layers of IBM i Security: Physical SecurityEssential Layers of IBM i Security: Physical Security
Essential Layers of IBM i Security: Physical Security
Precisely
 
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
 Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf... Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Information Security Awareness Group
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security Seminar
Jeremy Quadri
 
Basic Security Training for End Users
Basic Security Training for End UsersBasic Security Training for End Users
Basic Security Training for End Users
Community IT Innovators
 
How to secure a safe teleworking environment
How to secure a safe teleworking environment How to secure a safe teleworking environment
How to secure a safe teleworking environment
LCpublicrelations
 
Internet
InternetInternet
Internet
youssefchefcher
 
3 ways to secure your law firm’s information and reputation
3 ways to secure your law firm’s information and reputation3 ways to secure your law firm’s information and reputation
3 ways to secure your law firm’s information and reputation
Nikec Solutions
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks  - Ed Adams, President, Security InnovationWfh security risks  - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
Priyanka Aash
 
apsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPapsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLP
andreasschuster
 
Avoiding Common Security Breaches & HIPAA Violations
Avoiding Common Security Breaches & HIPAA ViolationsAvoiding Common Security Breaches & HIPAA Violations
Avoiding Common Security Breaches & HIPAA Violations
Biblical Counseling Center of Bradenton, FL
 
Version 3.6 Powerpoint March10
Version 3.6 Powerpoint March10Version 3.6 Powerpoint March10
Version 3.6 Powerpoint March10jpmccormack
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Precisely
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
David Menken
 
Protecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i AccessProtecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i Access
Precisely
 
Physical Security
Physical SecurityPhysical Security
Physical Security
kavitha muneeshwaran
 
Office 365 Security Features That Nonprofits Should Know and Use
Office 365 Security Features That Nonprofits Should Know and UseOffice 365 Security Features That Nonprofits Should Know and Use
Office 365 Security Features That Nonprofits Should Know and Use
TechSoup
 
Mobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptxMobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptx
gouriuplenchwar63
 

Similar to Small Business Guide to Information Security (20)

Harbin clinic iot-mobile-no-vid
Harbin clinic iot-mobile-no-vidHarbin clinic iot-mobile-no-vid
Harbin clinic iot-mobile-no-vid
 
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecurityLock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
 
Essential Layers of IBM i Security: Physical Security
Essential Layers of IBM i Security: Physical SecurityEssential Layers of IBM i Security: Physical Security
Essential Layers of IBM i Security: Physical Security
 
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
 Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf... Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security Seminar
 
Basic Security Training for End Users
Basic Security Training for End UsersBasic Security Training for End Users
Basic Security Training for End Users
 
How to secure a safe teleworking environment
How to secure a safe teleworking environment How to secure a safe teleworking environment
How to secure a safe teleworking environment
 
Internet
InternetInternet
Internet
 
3 ways to secure your law firm’s information and reputation
3 ways to secure your law firm’s information and reputation3 ways to secure your law firm’s information and reputation
3 ways to secure your law firm’s information and reputation
 
MADS6638
MADS6638MADS6638
MADS6638
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks  - Ed Adams, President, Security InnovationWfh security risks  - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
 
apsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPapsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLP
 
Avoiding Common Security Breaches & HIPAA Violations
Avoiding Common Security Breaches & HIPAA ViolationsAvoiding Common Security Breaches & HIPAA Violations
Avoiding Common Security Breaches & HIPAA Violations
 
Version 3.6 Powerpoint March10
Version 3.6 Powerpoint March10Version 3.6 Powerpoint March10
Version 3.6 Powerpoint March10
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
 
Protecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i AccessProtecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i Access
 
Physical Security
Physical SecurityPhysical Security
Physical Security
 
Office 365 Security Features That Nonprofits Should Know and Use
Office 365 Security Features That Nonprofits Should Know and UseOffice 365 Security Features That Nonprofits Should Know and Use
Office 365 Security Features That Nonprofits Should Know and Use
 
Mobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptxMobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptx
 

Recently uploaded

Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
LuanWise
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
Lital Barkan
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
Kirill Klimov
 
An introduction to the cryptocurrency investment platform Binance Savings.
An introduction to the cryptocurrency investment platform Binance Savings.An introduction to the cryptocurrency investment platform Binance Savings.
An introduction to the cryptocurrency investment platform Binance Savings.
Any kyc Account
 
In the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptxIn the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptx
Adani case
 
Agency Managed Advisory Board As a Solution To Career Path Defining Business ...
Agency Managed Advisory Board As a Solution To Career Path Defining Business ...Agency Managed Advisory Board As a Solution To Career Path Defining Business ...
Agency Managed Advisory Board As a Solution To Career Path Defining Business ...
Boris Ziegler
 
Brand Analysis for an artist named Struan
Brand Analysis for an artist named StruanBrand Analysis for an artist named Struan
Brand Analysis for an artist named Struan
sarahvanessa51503
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
Ben Wann
 
Recruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media MasterclassRecruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media Masterclass
LuanWise
 
The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...
balatucanapplelovely
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
uae taxgpt
 
Project File Report BBA 6th semester.pdf
Project File Report BBA 6th semester.pdfProject File Report BBA 6th semester.pdf
Project File Report BBA 6th semester.pdf
RajPriye
 
Premium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern BusinessesPremium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern Businesses
SynapseIndia
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
Cynthia Clay
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
Adam Smith
 
Sustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & EconomySustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & Economy
Operational Excellence Consulting
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
creerey
 
Training my puppy and implementation in this story
Training my puppy and implementation in this storyTraining my puppy and implementation in this story
Training my puppy and implementation in this story
WilliamRodrigues148
 
20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf
tjcomstrang
 
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.docBài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
daothibichhang1
 

Recently uploaded (20)

Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
 
An introduction to the cryptocurrency investment platform Binance Savings.
An introduction to the cryptocurrency investment platform Binance Savings.An introduction to the cryptocurrency investment platform Binance Savings.
An introduction to the cryptocurrency investment platform Binance Savings.
 
In the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptxIn the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptx
 

Small Business Guide to Information Security

  • 1. Small Business Guide to 4 Simple Steps To Protecting You & Your Customers: Evaluate, Remove, Prevent, Dispose
  • 2. Step 1: Evaluate Your Company’s Assets & Identify Sensitive Information
      • Develop a list of physical and digital assets located within each room of your company. *Don’t forget storage, equipment, software & networks for each room.
      • Treat each digital device as an “office room”.
      • Take inventory of all personal and sensitive information stored or transmitted through these devices.
      • Answer the following questions for each piece of office equipment:
  • 3. Step 1: Evaluate. Information Security Questionnaire – Digital Asset Evaluation
  • 4. Step 2: Remove All identified security threats & unsecure practices
      • Review your physical & digital asset log to identify sensitive data you do NOT need.
      • Only request sensitive data on the LAST step of transactions. *Financial data should only be requested for processing payment or tax documents.
      • NEVER include the expiration date or more than 5 digits on a sales receipt.
      • All online transactions or sharing of sensitive data should be done on a Secure Sockets Layer (SSL). *See final slide of Small Business Guide for secure payroll and ecommerce software.
  • 5. Step 3: Prevent Future Security Breaches by Addressing Digital Security
      • Take inventory of new IT equipment that collects sensitive data. *Log each VIN # and check it periodically to ensure it has not been switched.
      • Identify all connections to computers, servers & IT equipment that may contain sensitive data. *iPhones, Dropbox accounts, online fax storage, digital copiers, etc.
      • Do NOT email sensitive data; use an online fax service. *Faxing is the most secure way to transfer sensitive information, although fax machines are built with an internal hard drive that is often hacked when a company disposes of it.
      • Use a Password Management Service.
      • Don’t store sensitive data on electronic devices that are easily stolen or lost. *If needed, use an online backup service with an encryption & auto-destroy function.
  • 6. Step 3: Prevent Future Security Breaches by Addressing Physical Security
      • Define employee guidelines, responsibilities & restrictions upon new employee hire & in company handbook.
      • Make sure your employees log off their computers and lock all cabinet doors prior to leaving each day. *iPhones, Dropbox accounts, online fax storage, digital copiers, etc.
      • Do NOT email sensitive data; use an online fax service. *Faxing is the most secure way to transfer sensitive information, although fax machines are built with an internal hard drive that is often hacked when a company disposes of it.
      • Lock all file cabinets with sensitive information & start a “sign in/out” system each time they are accessed. *This should be true of off-site storage facilities as well.
  • 7. Step 4: Dispose Of any and ALL sensitive information
      • Make shredders available throughout the office, especially around mail areas, copy or fax machines. *Do not create a “To Be Shredded” box; this will only increase your risk.
      • Erase electronic devices COMPLETELY before removal. *There are software options available to clean all electronics periodically or wipe completely.
      • Mail centers and fax machines should be placed in a private area, AWAY from foot traffic. *According to a GFI study, 49% of employees claimed to have seen a paper fax that was not intended for them.
  • 8. Security Software Recommendations
      • Secure Online Shopping & Payroll: Intuit GoPayment; Intuit Online Payroll
      • Password Management: LastPass; Dashlane
      • Secure Online Backup: iDrive; Carbonite Online Backup
      • External Hard Drive with “Auto Destroy” Feature: Apricorn Aegis Padlock 1 TB USB 3.0 256-bit AES XTS Hardware Encrypted Portable External Hard Drive; Apricorn Aegis Padlock 500 GB USB 2.0 256-bit Encrypted Portable External Hard Drive; Apricorn Aegis Secure Key FIPS Validated 16 GB USB 2.0 256-bit AES-CBC Encrypted Flash Drive
      • Security Software for Portable Electronics: LoJack for Laptops
      • Secure Online Fax Plans: MetroFax Essential; Nextiva Single User; eFax – eFax Plus
  • 9. Sources
    ChooseWhat.com would like to thank the following websites for their help in developing this information security guide.
      • http://business.ftc.gov/documents/bus75-medical-identity-theft-faq-health-care-health-plan
      • business.ftc.gov/privacy-and-security
      • David of FindAFax.com
      • www.OnGuardOnline.gov
      • Electronic Code of Federal Regulations
      • http://business.ftc.gov/documents/bus69-protecting-personal-information-guide-business
      • http://www.sba.gov/category/navigation-structure/starting-managing-business/managing-business/business-guides-industry
      • http://business.ftc.gov/privacy-and-security/data-security
    A detailed version of this guide is available here: http://www.choosewhat.com/starticles/small-business-security-essentials