Identify the Information your Small Business Handles
Proper security starts with cataloging IT assets and data. The first step you should take is to get full and complete inventory of all of the IT assets your company is using, software assets, and version information. Every IT asset should be listed out, along with the operating system, and data held by the asset. There are numerous types of data but they include:
Personally Identifiable Information: (This may consist of names, phone numbers, addresses, or any other data that can be used to uniquely identify an individual
Personal Health Information: These are personal health records of individuals that can be tied back to the individual. If your organization handles PHI in a meaningful way you are likely bound by the HIPAA Security Rule and should seek immediate guidance on compliance.
Financial Information: This data consists of the financial information of your employees or customers and should be guarded with strict security measures. Implementing advanced data protection around critical information assets containing PII, PHI, and Financial Data is absolutely critical.
Once your inventory is complete you should have a solid understanding of what your IT assets are, what software is running on them, and what data is being stored on them.