The first step in protecting a business from cyber threats is to identify the “crown jewels” of your business. Those assets and systems that are critical to your business–would have difficulty operating if they were lost our compromised and/or could be a high value target for cybercriminals.
Always think broadly about critical assets. They could be data such as customer or employee data, systems such as ordering, inventory or scheduling and/or intellectual property.
Sometimes business think why would I be target? I am small and what I have may not be of value. According to Trend Micro, everything from cell phone numbers to email addresses has a value on the black market. Furthermore, cybercriminals target banking information in order to steal money directly.
Once a business understands the value of their data and technology, they can be better positioned to protect it from theft.
Identifying and creating an inventory of technology and data assets is the first step in the CyberSecure My Business Program. Businesses can create their own inventory lists or choose from the resources below.
Remember, inventory lists should be living documents and updated regularly. They also need to be stored securely with multiple copies, including backed up offsite.
IDENTIFY Items to Consider:
- Create a detailed inventory list and update it routinely
- Include data and technology assets in an inventory list
- Know where data and technology are stored and who has access to both
NIST Cybersecurity Framework Steps