Reduce Your Risk
A customer data breach is probably the biggest information security risk for any business that stores personally identifiable data about its customers. Personally identifiable data includes names and addresses, email addresses, phone numbers or other information that points to a specific individual.
The US Securities and Exchange Commission (SEC) reports that up to 60% of small businesses shut down if impacted by a data breach.
Use the checklist to review your safeguards for common information risks. This list is designed to help you get started quickly, without paying for an expensive security audit or compliance services.
This checklist is provided in Microsoft Excel format. You can customize it with your business name/logo, fill it out with your specific selections, and save it as your internal information security plan document. If you need a printable version (in PDF format), simply email us (firstname.lastname@example.org).
If you do plan to get security certified or meet certain standards for compliance, using this list will help you prepare for questions the formal audit will ask.
Having an information security plan means you can claim that you have information security safeguards in place. Many companies mention this on their website. One way is a dedicated page named "Security", linked from the website footer, as TripIt does: you can see it at tripit.com by scrolling down to the footer.
Alternatively, you could place a short and clear piece of text, such as "We are committed to protecting your data. We employ a combination of physical security safeguards, information security best practices, and data encryption to keep your information safe."
This lets you stand out from less sophisticated local businesses, mom-and-pop stores, or fly-by-night operations.