Have you felt the impact
of increased regulation on the small business sector? It seems that no matter which business vertical you are
involved in, some government entity wants to make sure you are carrying out
your business activities in a manner compliant with laws and regulations.
Some of these regulations
make you scratch your head in wonder and some of them make perfect sense. One of the areas that fall into the
latter category of making sense has to do with Data Breach Preparedness and
Response. Too many business owners
are ignoring this area of risk and, to their own detriment, they are exposing
themselves to huge consequences, including the potential loss of their
businesses.
By definition, a Data
Breach is the unauthorized use, access to, or disclosure of records or data
containing personal information.
Businesses are required to protect PII (Personally Identifiable
Information) - Information that relates to an individual that can be used on
its own or with other information to identify, contact or locate that
individual, regardless of the format of that information.
When we hear the term
“Data Breach”, most small businesses think in terms of a cyber-criminal hacking
into their systems from the outside.
However, statistics show that only 20% of Data Breaches are from outside
sources. More than 64% of Data
Breaches are caused by employees, either accidentally or maliciously. According to independent studies, over
60% of such breaches are attributable to employees in financial distress or
with criminal backgrounds.
Most business attorneys
believe that more than 98% of small businesses are not legally compliant or
adequately insured when it comes to Data Breach law. There are Data Breach laws in 47 states along with federal
law. Failure to pay attention to
and comply with these laws and regulations is like burying your head in the
sand, hoping you don’t have the inevitable Data Breach.
What should the small
business owner do? First, make a
quick assessment with these questions:
- Has your business adopted a Written Information
Security Program (WISP) as required by your state’s law?
- Do you have a written plan in place for when your Data
Breach technologies are defeated?
- How would you handle an internal breach where an
employee compromises information either accidentally or maliciously?
- Have you instituted an employee training regimen with
documentation?
- Do you have a written Post-Breach Reaction Plan?
- Do you have vendor contracts in place to safeguard
data you are required to protect?
(If your payroll firm, accountant
or CPA suffers a Data Breach involving the information you shared with them,
you are still responsible for that data being breached.)
If you have not taken these steps it is likely that
you are not legally compliant.
- Are you adequately insured? (Most business owners
falsely believe their current insurance will protect them. Traditional insurance such as general liability,
property, errors & omissions, crime/fidelity, and directors & officers
don’t protect you.)
- Do you have a Data Breach rider or cyber
insurance? (If your premium didn’t increase by $3,000-$5,000 this year then it is
unlikely.)
The result is you are most likely not adequately
insured for a Data Breach.
If you are like most small
business owners, you are busy trying to generate revenue and meet payroll and
other responsibilities. You need
help in addressing your responsibilities to be compliant with the law and
explore available options. There
are products available in today’s marketplace that address pre-breach
preparedness and post-breach response that include compliance and associated
cost concerns. These products provide
small businesses with an enterprise solution at an affordable price point. That is why I believe it is worth a
conversation.
My father
used to say, “Son, you don’t know what you don’t know.” Either you know what the laws and
regulations require of you or you don’t.
Either you are prepared for the inevitable Data Breach or you are hoping
it won’t happen to you.
If you are a Franchisor, a
Franchisee or an independent small business owner don’t go another day without
adequate preparation. Feel free to
give me a call at 970.978.0665 and I can get you pointed in the right
direction!