Cybersecurity Frequently Asked Questions

What Is Cybersecurity?

Cybersecurity refers to the protection of data against unauthorized use or from criminals.

What types of businesses are most at risk for a cyberattack?

The truth is that all businesses—small and big—are at risk for a cyberattack. While big businesses may be attractive targets, it is usually smaller businesses that are more vulnerable.

How can I better protect myself against cybercriminals?

There are several practical points that should be noted but if it had to be summed into one sentence it would be to take reasonable measures to protect your business. Reasonableness is often measured by industry standards. In other words, ask yourself what are businesses in the same or in a similar industry are doing to protect themselves—this is usually the baseline or minimum of what you should be doing.

What are a few examples of the basic security measures I should be taking for my business?

To start, ensure that all of your software is up-to-date and that you have anti-virus and anti-malware software. Other recommendations include adopting cybersecurity awareness and training for your staff, using a VPN and multi-factor authentication, and implementing strong password policies.

What is a phishing attack?

A phishing attack is a type of social engineering attack that fools users into clicking on an attachment or on a link, typically in an e-mail format.

What is a ransomware attack?

Ransomware refers to a malicious software that often blocks access to a computer or online portal unless a ransom is paid.

What is malware?

Malware is also referred to as malicious software, which is used to infect a computer, network or website—this is often in the form of a virus, Trojan, or worm.

What is an Incident Response Plan?

An Incident Response Plan acts as a helpful resource for you and your business in case there is a data breach or an incident. It provides a set of instructions and contacts for your staff members.

What is a Privacy Policy?

A Privacy Policy is an agreement between your busienss and your website visitors or users of your applications regarding the personal information that you are collecting from them and how you are using, storing and handling it.

What does a Privacy Policy cover?

A typical Privacy Policy will cover the types of information that is being collected, the purpose of the collection and how it is being stored and used, data transfers, any applicable affiliated websites, and cookies.

Do I need a Privacy Policy?

If you collect any type of personal information, you are legally required to have a Privacy Policy. We recommend contacting us for a consultation and for your Privacy Policy drafting needs.

What kind of information constitutes as personal information?

Although personal information may be defined differently depending on who you ask, it is generally agreed upon that it refers to first or last names, dates of birth, social security numbers, billing or shipping addresses, email addresses, phone numbers, etc. In sum, personal information refers to any information that can identify an individual.

What is the California Online Privacy Protection Act (CalOPPA)?

The California Online Privacy Protection Act (CalOPPA) instructs that all commercial websites and apps that collect and maintain personally identifiable information from California residents must have a Privacy Policy.

What is Terms of Use Agreement?

A Terms of Use Agreement is a legal agreement that sets the rules and regulations of visitors using your website. It is often times used to limit the liability of your business by setting expectations between you and the user.

What is the California Consumer Privacy Act (CCPA)?

The CCPA gives California consumers more control over the personal information that businesses collect about them.

What is considered personal information under the CCPA?

According to the California Office of the Attorney General, personal information is information that identifies, relates to, or could reasonably be linked with you or your household. For example, it could include your name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inferences from other personal information that could create a profile about your preferences and characteristics.

Who does the CCPA apply to?

The CCPA applies to for-profit businesses that do business in California and meet any of the following:
a. Have a gross annual revenue of over $25 million;
b. Buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices; or
c. Derive 50% or more of their annual revenue from selling California residents’ personal information.

Does the CCPA apply to nonprofits or government agencies?

The CCPA does not apply to nonprofit organizations or government agencies.

I want to know how to become compliant with the CCPA—what should I do?

To become compliant with the CCPA, there are specific actions your business must take, which we recommend discussing with a licensed attorney.

What is the California Privacy Rights Act (CPRA)?

The CPRA amends certain provisions and requirements of the CCPA and establishes the California Privacy Protection Agency to oversee the law.

When does the CPRA go into effect?

The CPRA is scheduled to go into effect on January 1, 2023.

What is the General Data Protection Regulation (GDPR)?

The GDPR regulates data protection and privacy in the European Union by setting guidelines for the collection and processing of personal information.

Are US-based business required to become compliant with the GDPR?

In some cases, it can be. Contact us for more information in regards to whether your business must adhere to the European laws.