Suggestions for starting work on your Cybersecurity Policy:
- Take a risk assessment – I know everyone talks about risk, but the truth is how can you determine what are the issues if you don’t look at the potential risks. I suggest this is a big project and a great first step.
- Identify all sensitive data that you collect and maintain
- where is is stored (cloud, server, third party)?
- how is is accessed (what types of remote devices access your date)?
- are you allowing employees to access remotely?
- what third parties have access to your data?
This is going to be a process. I’ll walk you through it over the next several weeks. But this first step will go a long way to get you started.