What is your plan? Do you have a technology plan, a three-ring binder or bigger, that you can put your hands on? If you don’t, we can help you not only achieve proper planning but also implement the operations reviews, audits, and other testing you are probably required to do under some compliance laws.
If you accept credit cards, you are subject to PCI-DSS compliance rules. If you have, touch or can see Protected Health Information, you are either a Covered Entity or a Business Associate, and you yourself are fully responsible for implementing policies to demonstrate HIPAA compliance. If you are a financial institution, you are subject to GLB or SOX. You should have an extensive plan, tested by outside experts and frequently updated with the latest threats.
It takes one wrong click by an employee or an executive to have an unscheduled test of your plan. “Always be prepared” is good advice to follow.