MDNews - Cleveland-Akron-Canton

March/April 2018

Issue link: http://viewer.e-digitaledition.com/i/970884


LEGAL-EASE

Cybersecurity Basics for Small Business Owners

BY ALLISON E. COLE, ESQ.

In our first two articles, we discussed the definition of cybersecurity and the laws and regulations governing cybersecurity. In this article, we will discuss the steps to implementing a Cybersecurity Program in your organization. Regardless of the size of your organization, each of these steps can be scaled in breadth and complexity to protect your business from common cybersecurity risks and noncompliance.

Step One: Conduct a Risk Assessment. A risk assessment is an investigation into your organization's current business practices to determine what elements of a Program exist. This information can be gathered through employee interviews, questionnaires, and document gathering, such as policies, procedures, training, technology, incidents, and contracts. Once it is gathered, it is necessary to identify gaps and vulnerabilities in your current practices and rank them in order of importance and risk. It is important to understand that you cannot conquer everything in your risk assessment at the same time. This initial and critical step in the process of creating an effective Program is often skipped by organizations, whether from lack of time and resources or simply a general unawareness of the value of risk assessments.

Step Two: Update Program. Along with remediating any gaps in your current Program, you will need to ensure that updates to the Program are properly communicated to your employees and third parties. It is not enough to update a policy if it is not then put into practice through communication and training.

Step Three: Audit your Cybersecurity Program. It is not effective to complete Steps One and Two without a periodic review to ensure that your program is compliant and up to date. Auditing your program to ensure that those involved, from employees to vendors, are following the policies and procedures established by your Program will provide you with insight on whether your Program is effective.

Next Article: Breaches

NOTE: This general summary of the law should not be used to solve individual problems since slight changes in the fact situation may require a material variance in the applicable legal advice.

Allison Cole is an attorney with the law firm of Krugliak, Wilkins, Griffiths & Dougherty Co., LPA, in Canton, Ohio.
