Detect, respond and recover

The Better Business Bureau knows that National Consumer Protection week, which concludes Saturday, is not exactly something that is widely celebrated. It is, however, something that should be given attention for its significance to both business and consumers.

We all know that what impacts consumers also affects business. In the recent past, cyber intrusions have hurt many businesses and organizations. It has become challenging for many to keep their online and digital presence and purchasing decisions safe.

Businesses have a huge responsibility that they did not have even a few years ago --[ protection of consumer data and their overall privacy.

In the last analysis, trust is the key factor in buying decisions, with a violation of that trust resulting in potentially very serious consequences.

Just last week an Iowa Attorney General’s Office news release detailed a significant data breach by a cellphone provider. It suggested victims consider credit monitoring services, a credit freeze with the three credit reporting agencies and credit report fraud alert.

Collecting data comes with obligations and responsibilities in the event of a compromise of customers’ sensitive personal information. Those include monitoring data inventory and diligently deleting unneeded or old data.

One also should take all necessary steps to keep security standards current.

It is not only about adding layers of security technology. It starts with understanding and managing risk.

The Five-Step Approach to Better Business Cybersecurity, based on the National Institute of Standards and Technology Cybersecurity Framework, represents an approach that applies to business by helping to understand how best to identify and protect vital data and technology assets, and how to detect, respond to and recover from an incident.

A collaboration between the BBB and the National Cyber Security Alliance, the goal is to empower businesses to begin to assess what needs to be protected and then encourage those businesses to become more resistant to cyber attacks or other incidents and more resilient if an issue would occur.

Step 1: Identify

Take inventory of key technologies you use and know what information you need to rebuild your infrastructure from scratch. Inventory the key data you use and store and keep track of likely threats.

Step 2: Protect

Assess what protective measures you need to have in place to be prepared. Develop policies for technologies, data and users, and ensure that your contracts with cloud and other technology service providers include the same protections.

Step 3: Detect

Establish measures to alert you of current or imminent threats to system integrity, loss or compromise of data. Train your users to identify and speedily report incidents.

Step 4: Respond

Create an Incidence Response Plan to contain an attack or incident and maintain business operations in the short term.

Step 5: Recover

Know what to do to return to normal business operations after an incident. Protect sensitive data and your business reputation over the long term.

Bobby Hansen is regional director for the Better Business Bureau Cedar Rapids office; (319) 365-1190.