Cybersecurity Awareness Month – Privacy Regulations

Privacy Regulations are Growing Teeth

Privacy regulations have been passed in most industrialized countries of the world.  They all seek to protect the non-public personal information that companies collect, update, sell, and use to sell their products to the world.  If your business has a website, you need a privacy policy that spells out what you collect, how you use it, how to get it corrected, removed, and never sold.  You should consider putting a Data Protection Officer in place, and ensure you comply with legislation that applies to your jurisdiction.  If in the EU, that General Data Privacy Regulations, if you’re located in http://or California specifically, the US you’ll need to check your local state requirements. One of the most effective US legislative measures passed was in California and was based loosely on GDPR.  It’s called CCPA or the California Consumer Protection Act.

Dealing with Data Privacy by identifying all the consumer data you collect and stating in your website privacy policy how you will use it is an important step to complying with the various privacy laws of the world.  The sooner you do, the better you’ll sleep at night knowing you have a handle on your data privacy.

CyberHoot recommends the following protective measures to help improve your overall cybersecurity protections and reduce the risk of compromise at your company.

CyberHoot Best practices:

1. Train your employees on the common attacks that are out there.  From weak passwords and password managers, to the importance of multi-factor authentication and how to spot phishing attacks.  Awareness is the key to defending your business.
2. Govern you employees with cybersecurity policies including Acceptable Use, Password, Information Handling and a Written Information Security Policy.
3. Establish cybersecurity best practice processes such as a Vulnerability Alert Management Process (VAMP) and a Cybersecurity Incident Management Process (CIMP) to guide and require action in the face of an emergency.  Then move on onboarding and offboarding processes, SaaS management processes, and 3rd party risk management.
4. Establish strong technical protections including: a Firewall, antivirus, anti-malware, anti-spam, multi-factor authentication on all critical accounts,  Enable full disk encryption, manage the keys carefully, and most importantly, adopt, train on and require all employees to use a Password Manager.
5. Test employees on how to spot and avoid phishing attacks.  CyberHoot has released a disruptive method of Phish Testing the fills in gaps in your employees knowledge without punishing them for failure.  Instead we reward them for success.  More info is available here.
6. Backup your data by following our 3-2-1 Backup methodology to ensure you can recover your business from a cybersecurity event.
7. In the modern Work-from-Home era, make sure you’re managing personal devices connecting to your network by validating their security (patching, antivirus, DNS protections) or prohibiting their use entirely.
8. If you haven’t had a risk assessment by a 3rd party in the last 2 years, you should have one now. Establishing a risk management framework in your organization is critical to addressing your most egregious risks with your finite time and money.
9. Buy Cyber-Insurance to protect you in a catastrophic failure situation. Cyber-Insurance is no different than Car, Fire, Flood, or Life insurance. It’s there when you need it most.

CyberHoot believes that for many small to medium sized businesses and MSPs, you can greatly improve your defenses and chances of not becoming another victim of cyberattack if you follow the advice above.

We hope you’re enjoying Cybersecurity Awareness Month (CAM).  Visit or subscribe to CyberHoot’s Facebook, LinkedIn, or Twitter pages to get daily updates throughout the month.

Sources:

Bromium: Into the Dark Web of Profit 

Secure your business with CyberHoot Today!!!

Sign Up Now