Inventory your business

The first step toward a good grasp of your company's cybersecurity posture is to take an inventory of your business.





An example of why this is necessary: I recently had a conversation with a business that had scanned copies of all the checks from transactions they did with customers. They had years' worth of scans of these documents. If they were to have the data stolen, since they are in Texas, they would likely have been liable for complying with the Texas Identity Theft Enforcement and Protection Act (TITEPA).

For TITEPA, if you fail to take reasonable action to comply with the breach notification requirements of the law, the Texas Attorney General may seek civil penalties from $2,000 to $50,000 per violation. In cases of unlawful data disposal, your business can be fined up to $500 for each record.

If you think it will never happen to your company, check out this list from the TX AG office and click on the rightmost column to sort by date:
https://oag.my.site.com/datasecuritybreachreport/apex/DataSecurityReportsPage
 

What do you include in your inventory?

Technology the business has – mobile devices, network, PCs, printers, shredders, IoT devices, etc.

Software the business uses – local software, Software as a Service like QuickBooks Online, Xero Accounting, Stripe/Square, M365, Google Enterprise, Wix, social media logins…

Data the business has and where it is – payroll data in QuickBooks, SSNs, W-2, W-4, I-9, incorporation docs, bills + account numbers and contacts/responsible parties, CRM customer lists, invoices, trade secrets, formulations, login info, PHI… Printed, electronic, stone tablets.

Third parties the business uses – shared office space, cleaners, landlord of a leased office building, accountant, banks, CC processor.

Locations where business is conducted or business assets may be present – cars, office locations, home, along with the keys to these locations. I encourage you to maintain a key inventory right beside your software access inventory, tied to your employee onboarding and offboarding procedures.

Personnel - Employees, Interns, Volunteers, anyone who has access to the components of company “inventory”

While gathering all of this you might as well lump in all other Business Assets including tools of the trade.

What do you do with your inventory?

You have to look at each item in your inventory. This is a simple sample examination of Technology through the Privacy, Security and Compliance lenses.

Privacy: Are there cameras in locations where privacy is expected? What about an IoT speaker like Alexa or Google? Are phone calls recorded and is appropriate notification given?

Security: Do applications you use online have multi-factor authentication enabled? Are systems patched on a regular basis? Are computers configured to require a password? As a small business, is there a separation of personal and business devices? Do computers and mobile devices have their storage encrypted or a power-on (BIOS/hard drive) password? Do you follow a Cybersecurity Framework?

Compliance: Many regulations have provisions requiring security. Some of the top ones are HIPAA, FTC, OSHA, GLBA and SOX. This is just a small list. If you are not sure what regulations you need to comply with, have a conversation with your attorney.
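The Security questions above can be run as checks against the inventory itself, and the same records answer what to revoke or collect when someone leaves. The sketch below is an added example, not part of the original post; the field names, the 30-day patch threshold and the sample rows are all constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Item:
    name: str
    kind: str                                    # "device", "saas" or "key"
    holders: list = field(default_factory=list)  # personnel with access
    mfa: bool = False                # SaaS: multi-factor authentication on
    encrypted: bool = False          # device: storage encryption on
    password_required: bool = False  # device: login password enforced
    days_since_patch: int = 0
    personal: bool = False           # personally owned, used for business

PATCH_LIMIT_DAYS = 30  # assumption: "regular basis" read as monthly

def security_findings(item):
    """Return the Security-lens questions this inventory item fails."""
    out = []
    if item.kind == "saas" and not item.mfa:
        out.append("MFA not enabled")
    if item.kind == "device":
        if not item.encrypted:
            out.append("storage not encrypted")
        if not item.password_required:
            out.append("no password required")
        if item.days_since_patch > PATCH_LIMIT_DAYS:
            out.append(f"unpatched for {item.days_since_patch} days")
        if item.personal:
            out.append("personal device used for business")
    return out

def report(inventory):
    """Map each item with at least one finding to its list of findings."""
    findings = {}
    for item in inventory:
        failed = security_findings(item)
        if failed:
            findings[item.name] = failed
    return findings

def offboarding_list(inventory, person):
    """Logins, devices and keys to revoke or collect when `person` leaves."""
    return sorted(i.name for i in inventory if person in i.holders)

# Constructed sample inventory (hypothetical people and assets).
INVENTORY = [
    Item("Front-desk PC", "device", ["alice", "bob"], encrypted=True,
         password_required=True, days_since_patch=12),
    Item("Owner laptop", "device", ["carol"], password_required=True,
         days_since_patch=95, personal=True),
    Item("QuickBooks Online", "saas", ["alice", "carol"], mfa=True),
    Item("Wix site admin", "saas", ["bob"]),
    Item("Office front door key #2", "key", ["bob"]),
]
```

Keeping keys in the same list as logins and devices is what lets a single query per person drive the offboarding checklist.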

What are the uses for an inventory of your business?


Risk Management: The inventory is used to identify potential risks and vulnerabilities in your business. For example, outdated hardware or software can pose a security risk. 

Business Continuity and Disaster Recovery: The inventory can support business continuity and disaster recovery planning. If a disaster occurs, you'll know exactly what needs to be replaced or restored.

Insurance Valuation and Claims Processing: Having a complete inventory can help you ensure that your business is adequately insured.

Asset Tracking: In case of theft or employee fraud, an updated inventory can help track the assets and possibly assist in recovery.

Financial Reporting and Audit: Detailed inventory information can assist in financial reporting and audits. It can provide a clear picture of the company's assets, their value, and depreciation, which is essential for accurate financial statements.

Operational Efficiency: Understanding what resources you have and where they are can improve operational efficiency. It can help identify redundancies, streamline processes, and optimize resource usage.

Strategic Planning: An inventory can inform strategic planning by providing a snapshot of the current state of your business. It can help identify areas where investment is needed, guide decisions about technology adoption, and support capacity planning.

Employee Management: By tracking which employees have access to which resources, the inventory can help manage roles and responsibilities more effectively. It can also support risk management, onboarding and offboarding processes.

Vendor Management: If your inventory includes information about software and hardware vendors, it can support vendor management activities, such as contract renewal, negotiation, relationship management, and cost control.

Regulatory Compliance: While this is part of your original use case, it's worth emphasizing that an inventory can be crucial for demonstrating compliance with various regulations. It can help you prove that you're managing your assets responsibly and protecting sensitive data.

Mergers and Acquisitions: If your company is involved in a merger or acquisition, a detailed inventory can facilitate the due diligence process by providing clear information about the company's assets and liabilities.


I hope this knowledge helps motivate you to secure your business, and if you need assistance, I encourage you to contact a managed service provider and make sure your level of service includes secure configuration of the systems and applications you use. An MSP or MSSP (Managed Security Service Provider) will guide you through the steps necessary to protect your business.
