I remember a time when treating a virus just required aspirin, rest and a lot of liquids. Today, if you get the wrong kind of virus, it might require hours of forensic cyber investigation, the services of a breach coach and access to bit coins. I’m pretty sure the aspirin will still be needed from the lost revenue and damaged reputation headaches that can follow.
The government has taken cybersecurity seriously. Since 2004, October is celebrated as National Cybersecurity Awareness month, a collaborative effort between the government and businesses to raise cybersecurity awareness. With all the headlines of data breach and cyber related claims in the news, it’s hard to imagine this topic even needs its own month to get noticed.
Regardless of its degree of notoriety, how our clients manage their data security to avoid data breaches and potential identity theft is a key concern. The increasing threat from identity theft and cybercrimes requires strategic thinking about things that just a few years ago didn’t exist. Today’s business owners need to assess their internal and external digital vulnerabilities and develop a battle plan to protect their private client and employee data from falling into nefarious hands. They need to be able to quickly detect when a breach has occurred, rapidly deal with it and then follow through on the notification requirements with impacted parties. Ignoring this exposure is not an option.
Legislative oversight regarding cybersecurity is stepping up at the state and federal level and several states have now adopted additional laws to address this exposure. Assistant Commissioner of Enforcement Matt Vatter from the Minnesota Department of Commerce spoke recently at an insurance industry meeting about the need for small businesses to be aware of, and in compliance with, applicable cybersecurity laws. Businesses that do not properly protect their private data could be held accountable and could face substantial penalties.
The time to act is now
How are you protecting your business from the myriad of threats that could result in data breach or identify theft loss? I’m confident most of you reading this have proper cyber safeguards in place but if you don’t, please be aware the concern is real. As a business owner, you need to analyze potential liabilities and think about the efficacy of your current cybersecurity program. Here are some basics:
- Develop and implement a comprehensive written cyber security program.
- Assign the responsibilities to an individual to oversee this program.
- Protect your computer systems hardware and software from unauthorized access.
- Train your employees on cyber security and evaluate the cyber security practices of your third-party vendors.
- Defend against the actions of rogue employees and understand how to monitor and report an incident should a loss occur.
There’s a lot to do and it can be a little overwhelming, but the good news is there are many excellent resources available that can help you prepare for and address these concerns. The important thing to remember is an ounce of prevention is worth a pound of cure.