Do you maintain personal information on your customers or employees? Do you take payments from your customers? Do you collect and store important information about your business?
If you answered yes to any of those questions, you need to inventory the consumer information collected, processed, and stored by your company and conduct a risk assessment to evaluate the applicable security risks.
In this short video, Christopher Avery offers an overview of how administrative, technical, and physical controls can be used to help prevent the unauthorized access and disclosure of sensitive information and how to perform a basic risk assessment. https://vimeo.com/126326503