Cybersecurity for entrepreneurs and micro small business
Cybersecurity4biz is a Service-Disabled Veteran Owned Micro Business that provides cybersecurity compliance services to entrepreneurs and micro businesses with fewer than 20 computers doing business in the US or Canada.
Cybersecurity Compliance is so CONFUSING… what regulations do I need to follow?
Which cybersecurity regulations apply to you depends on the industry you are in and on where you do business and where your customers live.
See the information below about which ones may affect you.
The United States has no single, comprehensive federal cybersecurity law. Instead, regulation is sector by sector: individual industries, and the federal agencies that regulate them, have each written their own rules. Depending on which industry you work in, you must meet certain regulations. The groups below are a starting point, not legal advice; confirm your obligations with a compliance professional or attorney.
-
Children's Online Privacy Protection Rule (COPPA) (if you collect personal information online from children under the age of 13)
Fair Credit Reporting Act (FCRA) (if you obtain or use consumer reports, for example for tenant or employment screening)
Payment Card Industry Data Security Standard (PCI DSS) (if you store, process, or transmit cardholder data, even through a third-party processor)
Sarbanes-Oxley Act (SOX) (if you are a publicly traded company, or provide financial-reporting or IT services to one)
-
Bank Secrecy Act (BSA) (if you are a financial institution or money services business that conducts transactions on behalf of clients)
Children's Online Privacy Protection Rule (COPPA) (if you collect personal information online from children under the age of 13)
Fair Credit Reporting Act (FCRA) (if you obtain or use consumer reports, for example for credit decisions or screening)
Financial Industry Regulatory Authority (FINRA) rules (if you are a registered broker-dealer or work for one)
Gramm-Leach-Bliley Act (GLBA) (if you sell, offer, or advise on financial products, services, or loans, including tax preparation and mortgage brokering)
Health Insurance Portability and Accountability Act (HIPAA) (if you handle Protected Health Information (PHI) for healthcare clients, which makes you a "business associate")
IRS Publication 4557, Safeguarding Taxpayer Data (if you are a paid tax preparer, or you eFile or transmit W-2 or 1099 information to the IRS)
Payment Card Industry Data Security Standard (PCI DSS) (if you store, process, or transmit cardholder data, even through a third-party processor)
Sarbanes-Oxley Act (SOX) (if you are a publicly traded company, or provide financial-reporting or IT services to one)
-
Children's Online Privacy Protection Rule (COPPA) (if you collect personal information online from children under the age of 13)
Health Insurance Portability and Accountability Act (HIPAA) (if you handle any Protected Health Information (PHI) or administer healthcare to clients/patients)
Payment Card Industry Data Security Standard (PCI DSS) (if you store, process, or transmit cardholder data, even through a third-party processor)
-
Cybersecurity Maturity Model Certification (CMMC) (if you do contracting business, as prime or sub, with the DoD and handle Federal Contract Information or Controlled Unclassified Information)
Federal Information Security Modernization Act (FISMA) (if you do contracting business with the federal government and operate systems on an agency's behalf)
NIST Risk Management Framework (RMF, NIST SP 800-37) (if you do contracting business with the federal government; this is the process agencies use to authorize systems, including contractor-run ones)
The United States also has no comprehensive federal consumer data privacy law, so many states have passed their own. Is your business located in, or do you have clients in, any of these locations? (This list is not exhaustive; Virginia, Colorado, Utah, and Oregon, among others, also have consumer privacy laws, and more are passed every year.)
-
California Consumer Privacy Act (CCPA)
California Privacy Rights Act (CPRA) (amends and expands the CCPA)
Connecticut Data Privacy Act (CTDPA)
Delaware Personal Data Privacy Act (DPDPA)
Indiana Consumer Data Protection Act (Indiana CDPA)
Iowa Consumer Data Protection Act (ICDPA)
Montana Consumer Data Privacy Act (MTCDPA)
Tennessee Information Protection Act (TIPA)
Texas Data Privacy and Security Act (TDPSA)
-
Canada Consumer Privacy Protection Act (CPPA) (proposed as part of Bill C-27 to replace PIPEDA; it had not become law as of this writing, so track its status if you collect information about clients in Canada)
Payment Card Industry Data Security Standard (PCI DSS) (if you process credit card payments in Canada; note that the Payment Services Directive 2 (PSD2) sometimes listed here is a European Union directive and does not apply in Canada)
Canada Personal Information Protection and Electronic Documents Act (PIPEDA) (if you conduct commercial business in Canada; Quebec, British Columbia, and Alberta also have their own provincial private-sector privacy laws, such as Quebec's Law 25)
-
What can happen if I don’t comply with cybersecurity regulations and I have a data breach?
Legal Penalties
Enforcement Actions
Loss of Reputation and Trust
Civil Litigation
Remediation Costs
Loss of Business Opportunities
Loss of Regulatory Approval
How do I meet all these cybersecurity regulations?
Cybersecurity is mandated by the government and expected by your customers! There are many regulations, but they overlap heavily: one risk-based security program, with its controls mapped to each regulation that applies to you, can satisfy most of them at once.
Here are some simple steps to follow so you can become cybersecurity compliant and protect your customers' information.
-
Step 1
10 things you can do today to start protecting your data!
-
Step 2
Do an assessment of your current cybersecurity posture, and keep the results; regulators and customers will ask to see them.
-
Step 3
Create a cybersecurity plan to meet any applicable regulations, and review it at least once a year or whenever your business, systems, or the regulations change.
-
Need more resources?
These links will provide plenty of information.
-
Cybersecurity Tips
Free downloadable PDFs for families and small businesses.
-
Glossary
Glossary and definitions of common cybersecurity terms.