Most small business owners are not aware that there are already state-level laws that affect them. These laws typically cover things such as cybersecurity incidents, data breaches, and privacy protection. Nearly every state has its laws around data breaches and disclosures. You may not realize it, but for every state you do business in, you are probably expected to operate in a different legal framework.
Here are some of the most important controls the cybersecurity experts say to have:
- Mobile device management (MDM)
- Endpoint detection and response( EDR)
- Vulnerability management
- Data loss protection (DLP)
- Identity and Access controls (IAM)
- Cybersecurity risk training
- Regular cybersecurity risk assessments
- Regular software updates
- This includes your phone
Reality check: Not all states enforce these laws. But, but, but… Courts have established legal precedents for consumer rights when there are data disclosures.