Scenario: It’s Monday morning and an employee notifies you that his laptop has been stolen. He apologizes profusely, but there is nothing you can do now. You, as the boss, are now thinking, “What a headache. Now I have to buy a new laptop and get it set up, etc. Not to mention the wasted time!”
In reality, your business could be on the hook for bigger costs and problems.
Businesses are now storing more and more data and most states are starting to aggressively enforce data breach and security laws that set out the responsibilities for businesses capturing and storing personal data.
Here’s a key piece of information: In today’s global economy, if your business deals with any person in the European Union (EU) and you hold information on that person, you are subject to the General Data Protection Regulation, commonly known as GDPR, under which fines for breaches can be as high as 4% of annual global turnover or €20 million (Euros), whichever is greater!
GDPR went into effect in May 2018 and other countries will, no doubt, soon follow suit with similar regulations. “We did our best” is no longer an acceptable response.
With millions of cyber criminals working daily to hack systems, and with employees accessing more and more confidential client data, there is no known way to absolutely, positively guarantee you won’t have a data breach. However, your efforts to put in place good, solid best practices in security will go a long way to help you reduce or avoid hefty fines, lost reputation and subsequently, lost business.
Here are some basic things to look at:
- Encryption. Laptops, cellphones, tablets, etc. should all be encrypted so even if they are stolen, their drives cannot be accessed, and the data read. Mobile devices are extremely vulnerable to physical theft.
- Manage data access. Who can access the confidential information you store in your business? Is this information easily accessible by everyone in your company? What is your policy about taking data out of the office on mobile devices?
- IT security and passwords. The more sensitive the data, the higher the level of security you need to keep on it. Are your passwords easy to crack? Are passwords changed periodically? Is the data encrypted? Secured behind a strong firewall? If not, why not?
- Training. One of the biggest causes for data breaches is the human element: employees who accidentally download viruses and malware that allow hackers easy access. Do you have a data security policy? A password policy? Do you have training to help employees understand how to use e-mail and the Internet responsibly?
- Physical security. Not all crime is done remotely; thieves also break into offices and steal servers, laptops and other digital devices. Make sure everything is always physically secured.
- Paper documents. Documents containing sensitive information should be locked up or scanned and encrypted. The good, old-fashioned “clean desk policy” comes into play here.
- Insurance. Make sure you have a good cyber-insurance policy to cover the expense of a breach since even a small one can cost your business thousands of dollars.
- Legal. Speak to an attorney who specializes in this area and get the facts on your responsibilities under federal, state and now international law (remember: GDPR!).
- Backup Systems. Businesses should install a hybrid-cloud Business Continuity system to protect their data. While Business Continuity solutions cannot prevent attacks, they can ensure fast and complete recovery since they maintain virtual copies of your servers in two geographically separated data centers as well as onsite (3 copies total). They’ll also allow you to continue functioning even if your servers are physically damaged or destroyed. Plain data backup systems can’t do this.
Data security is something that EVERY business is now responsible for, and not addressing this important issue can have severe consequences. Data breach laws have a long reach and BIG teeth―even from “across the pond”. Don’t become a victim. Act now!