General News/Jun 30, 2015
5 Things Every Business Owner Must Know To Minimize The Fallout From Cyber Attack
An alarming number of cyber attacks have been reported recently. And the number continues to grow. Such attacks are not a threat only to large corporations. In fact, small businesses are more likely than large corporations to suffer cyber attacks because they are more vulnerable and less likely to have proper protections in place. No business is immune from data breaches. Thus, it is imperative that all business owners take precautions to protect their businesses.
Here are five things every business owner must know to protect against cyber attack liability:
- Know the law. Michigan is one of 46 states to enact legislation requiring notification to persons when a data breach has occurred. MCL 445.72 mandates notification “without unreasonable delay” in the event that someone’s unencrypted information was accessed by an unauthorized person or if a person gained unauthorized access to someone’s encrypted information. The statute imposes a duty on persons and business entities to act with the same care as an “ordinarily prudent person” would exercise. MCL 445.72a further requires persons to destroy data containing personal information about individuals when it is no longer needed for business purposes. Violations of both statutes are punishable by civil fines. Depending on the extent of the breach, failure to notify could cost a business up to $750,000 in fines.
- Know the risks associated with your industry and your business. Different industries carry different risks of cyber attack. As a general rule, the more sensitive the data stored within an industry, the greater that industry's risk of cyber attack. This, however, should not lead to a false sense of security for business owners within industries that do not commonly store sensitive data. Savvy cyber criminals can access data through any link in the chain. Therefore, business owners need to know what protections are in place at all the other businesses and industries with whom they network and share information.
- Know the “Best Practices” to minimize your risk of cyber breach. While most business owners have implemented some security measures to minimize the risk of a cyber breach, all business owners should keep current with best practices to protect confidential information. A non-exhaustive list of prudent steps includes the following:
  - Keep software up-to-date
  - Keep antivirus and anti-malware programs up-to-date
  - Use strong passwords and require employees to change passwords frequently
  - Require passwords and encryption on all mobile devices used by employees
  - Implement an encryption plan
  - Hire a security consultant
  - Perform a monthly audit
  - Conduct proper background checks for employees and vendors
  - Train staff on cyber security practices
  - Develop an incident response plan
  - Do not store sensitive data longer than necessary
  - Segregate sensitive data
- Know your employees. It is more important than ever for business owners to carefully select employees – especially those employees who will have access to sensitive information. Business owners should consider doing background checks on such employees. Additionally, there should be policies and procedures in place to educate employees about cyber security and to address potential breaches by employees. Employee handbooks should contain provisions regarding cyber security.
- Know your insurance coverage. Business owners should consider adding cyber liability insurance to their other forms of insurance coverage. A specific policy to cover cyber liability is necessary because most general liability policies exclude data, which is not considered tangible property. Cyber liability insurance provides coverage for liability that arises out of unauthorized use of or access to electronic data or software used in connection with the insured’s business. Basic policies cover privacy expenses, security liability and electronic media liability. Additional options include coverage for cyber extortion, data restoration or system failure, to name a few. Cyber liability policies can and should be tailored to the type of business entity being insured.
For more information regarding best practices for cyber security, visit http://www.observeit.com/blog/10-best-practices-cyber-security-2015
For more information regarding cyber liability insurance coverage, visit http://www.computerweekly.com/news/2240202703/An-introduction-to-cyber-liability-insurance-cover
News and blog articles presented in this website are distributed for general information purposes only with the understanding that the author, publisher and distributor of articles is not rendering legal, accounting, or other professional advice or opinions on specific facts or matters and, accordingly, GGTM assumes no liability whatsoever in connection with the use of any article. Pursuant to applicable rules of professional conduct, this communication may constitute Attorney Advertising.