A Cybersecurity Checklist for Entrepreneurs

By: Christian Wolgemuth

Entrepreneurs are people who like to get things done, and checklists are a great tool for accomplishing tasks and reaching milestones. A business plan is just another form of a checklist. “Identify your target market, secure financing, hire employees,” etc. These are all items you would expect to see on a checklist for starting a business. An item that must be included in any startup business plan, and which deserves a checklist of its own, is cybersecurity. The following checklist should serve as a guide for entrepreneurs trying to navigate the world of cybersecurity concerns while starting a business.

Use strong passwords

Passwords protect sensitive information from unauthorized access, but having a weak password is just like leaving the front door unlocked. Default passwords absolutely must be changed, and passwords must be complex enough that no one can guess what they are. This is true for administrative passwords as well as personal passwords. Furthermore, passwords should never be written down. The best practice is to use password management software or a password “vault” that can safely store passwords in an encrypted format. An added benefit of password vaults is that they can help enforce strong password management policies, like changing passwords regularly and mandating complexity requirements.

Practice good email hygiene

Many highly publicized data breaches have been the result of phishing attacks. Never open attachments or click on email links from someone you don’t know. If you can run a security check on an attachment or link before opening it, you should always do so.

Also, never communicate with an unfamiliar party via email. Scammers and hackers can spoof the sender address of an email to make it look like it came from someone else. Be alert and skeptical of any emails that seem fishy or out of place. If you receive an email from someone you have done business with, call them on the phone to confirm the authenticity of the email before replying with any sensitive information.

Enable strong network security

Every connected device is a possible entry point into your network and to your sensitive information. Businesses need to keep track of those devices and keep them individually safe to protect the entire network. Whoever the IT person is – whether it’s a dedicated employee or the general manager – he or she should take an inventory of every electronic device in use by the company. Every one of those computers and devices should be behind the network firewall, and network communication between those devices should always be encrypted. When using mobile devices outside of the office, use a secure VPN to connect to both the internet and company resources. Mobile devices should NEVER be used on unsecured public Wi-Fi. Once strong network security is enabled, companies should consider conducting penetration tests with the assistance of outside security firms.

Know where you are “doing business”

Different jurisdictions have different legal rules and requirements. This means that businesses must pay very close attention to where they are “doing business.” Even just the phrase “doing business” can mean something different in different states. Generally speaking, if you have an office, have customers, or advertise your products or services in a state, you are likely “doing business” in that state. If you are doing business in a state, then you must be aware of and comply with that state’s laws on data collection, data processing, and data breach notification.

Know your industry-specific rules

Certain industries have specific laws for how data can be collected, processed, and shared. The most obvious example is the healthcare industry and the Health Insurance Portability and Accountability Act (“HIPAA”). The finance and automotive sectors are also examples of industries that have specific laws. Every business should look into whether there are specific rules that apply to them, and what the requirements are for compliance. For example, any business that accepts credit card payments will need to comply with the Payment Card Industry Data Security Standard (“PCI DSS”).

Take an inventory of data being collected, and only collect the minimum necessary data

Legislation like GDPR and the California Consumer Privacy Act limits the amount of consumer data that businesses can collect. As a general practice, businesses should be aware of and deliberate about the specific data they collect about consumers. Businesses should collect no more data than is necessary for their specific business purposes. Not only is this necessary for complying with legislation, but it also helps to minimize the risks of liability if and when a data breach occurs.

Only allow the minimum access necessary

Just as businesses should collect only the minimum data necessary, employees should only be allowed to access the minimum amount of data necessary to fulfill their job responsibilities. With a data inventory complete, each job role should be granted access only to the data required for that position.

Have policies and plans in place

Businesses must have written policies in place. This includes public-facing policies, like a privacy policy and data use policy, as well as internal policies governing the responsibilities and obligations of employees. All written policies must be kept up to date, disseminated to all employees, and strictly followed. If a situation arises where you think you may need to deviate from your policy, you should carefully analyze whether it is your policy or your business practice that needs to be adjusted.

Businesses should also have plans in place to respond to both common and emergent situations. This includes regular activities like conducting system maintenance and updates, as well as disaster recovery, business continuity, and data breach response plans.

Training and the human element

All of the items previously discussed are only effective if entrepreneurs and their employees actually take them seriously. Employees must be trained in how to keep themselves, the business, and the business’s customers safe from cybersecurity risks. Training should be tailored to the particular business, job position, and industry. Finally, cybersecurity must be a priority at the individual level, and finding ways to achieve employee “buy-in” is the best way to keep a business safe from cybersecurity threats.


Christian Wolgemuth is, at the time of this post, a third-year law student at Penn State’s Dickinson School of Law. Prior to law school, he spent five years as a cybersecurity consultant for both Accenture and Deloitte. Wolgemuth served both private sector and government agency clients all over the country, helping to design cybersecurity systems used by millions of customers worldwide. As a law student, he has interned with the Pennsylvania Office of Attorney General in the Bureau of Consumer Protection working on data breach and privacy infringement litigation. After law school, he will work in the litigation group of a private law firm in Harrisburg, helping clients navigate the continuously changing world of cybersecurity and privacy law.


Jen Delaye | Entrepreneur of the Month | December 2019

By: Sarah Antonia Zomaya

I had the honor of interviewing Jennifer Delaye as our December Entrepreneur of the Month.  Jen has the ultimate entrepreneurial spirit and has been succeeding as an entrepreneur since she was in college.  Beginning with concession stands on City Island in Harrisburg, Jen and her siblings operated seven concession stands serving thousands.  With no knowledge of food service or business, Jen and her siblings realized that, “everything we thought business was, it really wasn’t.”  She recognized that the business would never succeed if they operated under the assumption that business is wearing a suit, carrying a briefcase, and bossing people around.  If people aren’t happy, they’re not coming back and the business will never succeed.  The concession stand business, Riverside Village Park, took off and soon after her family also opened up a restaurant.

After running the concession stands and restaurant for some years, Jen decided she didn’t want to be doing the same thing every day.  So, in 1992, she stepped away from the concession stands, closed up the restaurant, and the very next day she opened up her own catering business, The JDK Group.  To this day, The JDK Group is the premier catering and events group in Central Pennsylvania.

The Reality of Start-Ups

Jen began The JDK Group with two clients and no business.  Although Jen loved the work she was doing, she struggled with her pre-conceived notions of success.  She had just graduated with an amazing degree, she wasn’t making a ton of money, and all her friends had “real jobs,” wearing suits and carrying briefcases – when she couldn’t even figure out what to put in a briefcase.  Jen realized, “I’m not where I’m supposed to be because I was measuring myself against everybody else.”  Jen had to work on “getting over herself” and just keep building towards her vision.

In the beginning of The JDK Group, Jen was running the business check to check; her friend and bookkeeper kept telling her she was crazy, she needed to close up shop, and if she kept doing this she would end up in massive debt.  But, Jen didn’t give up and close up shop, she said, “I see something so much bigger and I’m not stopping until I get there, and if it doesn’t work, it doesn’t work and at least I tried.”

Women in Business

While she was still drumming up business for The JDK Group, Jen went into the bank for a loan.  It was the worst experience she’s ever had.  The bank told her they wouldn’t give her the loan, but instead she should send her brother in to get the loan.  Jen’s mentor called the president of the bank and the bank, in turn, offered the loan to Jen.  Jen responded saying, “I don’t want it,” she closed every single account at that bank and said, “this is your lesson as well as mine.”

Jen had four kids under the age of four at the same time.  She had to figure out how to build her business and be a mom at the same time.  She says that, “balance is your definition for today.” Determining “what needs me the most and here is where my first round of focus and energy is going to be today.”  Jen says, “you can keep this really simple – do unto others as you would have done to you.” At the end of the day, her purpose is to impact the lives of others, not to just build businesses and make money.

Entrepreneurs & Attorneys

As Jen’s business grew, she had to start using attorneys for plenty of issues she encountered.  Jen said she could “probably count on one hand over the last 30 years, the attorneys I felt served me well.”  From her experience with some attorneys she felt, “you’re not hearing me, you’re too busy, and this is just wasting my money.”  She continued by saying that she never really connected with these attorneys; “entrepreneurs live in a different world – there are no hurdles, there’s nothing we can’t jump.” She would get frustrated because “attorneys give you all the ways you can’t do something instead of helping work with me on all the reasons why I can do something.”

In looking for an attorney, Jen looks for someone “who understands entrepreneurs and who is actually going to take the time to get to know me before you know my issue.”  She looks for someone authentic and not someone who when “the second you sit down the clock starts.” Attorneys working with entrepreneurs need to understand the way entrepreneurs maneuver and think.

Deciding to Go Forward with a Start-Up

In addition to running her successful catering business, Jen has also worked with a number of hotels and with aquaponic technology.  She says it all “starts with opportunity.”  Jen had the opportunity to run a restaurant and banquet space in a hotel, and she took it thinking, “this is my chance to change hotels.”  What she thought was going to be an easy build, turned out to be the exact opposite.  On the first day, the hotel was so empty she said “it was like The Shining.” She knew she had to create a unique, innovative restaurant where people would come and have this “great experience in this little piece of the world.”  Jen did exactly that – hiring a spectacular team and providing a unique culinary journey in a little hotel restaurant, such as serving blowfish tails.   The business was starting to grow, but then came the food critic.  The food critic left a horrifying, mean review that was public and caused a major challenge for the restaurant.  But Jen was determined, and within a year she doubled sales and guests needed a reservation to get in.

Jen then went to the hotel side of the business and learned the entire hotel business, going through each department and learning everything she could.  Jen then had the opportunity to work with an aquaponic technology business.  Aquaponics is an environmentally friendly food production technology wherein produce is essentially grown from the nutrients of a fish tank.  Jen’s most recent business venture opportunity is working with Allenberry Resort.

Jen says the whole time she’s working on these start-ups, “you just don’t know if it’s really going to work.” Her vision is what drives her every single day.  “Those first three years are nothing but pure challenge, work, no money, every single day, 365 days, there is no nine to five job, there is no day off.”  She won’t stop because she sees where she needs to go.

“Culture is nothing more than a set of beliefs that binds and guides us”

Jen is “all about teams.” She hires the best and lets her team do what they do best, “instead of micromanaging or thinking her idea is always the right way.” She recognizes that in order to build a culture and team, she can’t just put out a strategy paper and create new processes.  Rather, to build a culture and team you have to go into the trenches and “work with them and show them the change you want to happen.” At Allenberry, Jen goes from department to department working with the team and even closing the restaurant with them.

Companies aren’t just about profits and losses, “great companies are made up of the sum total of the employees.” Jen elaborated and said, “this is what people choose to do every day, their environment better be conducive to their health – mental, emotional, physical.”

“At the core, it’s people first.”


Sarah Zomaya, at the time of this post, is a third-year law student at Penn State’s Dickinson Law. Following graduation, Sarah will be practicing corporate transactional law at Morris, Nichols, Arsht & Tunnell. Sarah is currently serving as Vice President of the Business Law Society and as a Comments Editor for the Dickinson Law Review.