During this difficult time, DGC provides you with updates and resources here.
October is Cybersecurity Awareness Month and to help drive awareness of critical security issues, we'll be posting DGC's Cybersecurity Tip of the Week through the end of the month.
Businesses store and process significant amounts of sensitive information every day. This information might take the form of intellectual property, customer records, legal documents, financial information, transactional data, and health records, among other types.
Are you aware of your regulatory cybersecurity responsibilities based on where you're domiciled and with whom you're doing business? For example, companies that do business with residents of the Commonwealth of Massachusetts are subject to MA 201 CMR 17.00. If you are doing business with European Union countries' citizens, you may be subject to GDPR, even if your company is exclusively based in the United States. Consequences of noncompliance can be significant.
Do you know the types of data you receive and generate? Do you know where within your infrastructure, including the cloud, that you store it? Does it have a lifecycle, or does it exist forever within your network?
Are you encrypting your and your customers' sensitive information not just at rest but in transit as well?
Beyond regulations, have you considered assessing yourself against information security best practices? Doing so would illustrate where you're falling short of compliance obligations and identify cybersecurity exposures. Going forward, you can measure progress against this baseline as you improve.