Cybersecurity is a growing concern for businesses, and small businesses are not immune from the threats posed by cybercriminals. Don’t be complacent because your business is small: Almost half of all cyber attacks in the U.S. are directed at small businesses. In light of this problem, in August 2018, President Trump signed into law the NIST Small Business Cybersecurity Act, requiring the federal government to provide resources to small businesses to reduce vulnerability to cyber attacks.
What to do as an Owner or Leader of a Small Business?
Take steps to protect your business’s data, reputation, customer and employee information. The following are among the most important steps to consider:
- Establish and communicate cybersecurity policies and include them in your employee handbook. Offer periodic employee training on what you require employees to do to protect customer and business data. Common practices include:
  - separate user accounts for each employee
  - strong passwords for all laptops, tablets, and smartphones, to be changed every three months
  - prohibiting the installation of software on company computers without permission
  - limiting administrative privileges to key employees and IT staff.
- Restrict each employee's access to only the business information and systems needed to do their job. When an employee leaves the organization, make sure they no longer have any access to information.
- Ensure software, web browsers, and operating systems are updated regularly to defend against viruses, malware, and other online threats. Install hardware and software firewalls on all computers and networks, even if you use a cloud service provider or virtual private network.
- If employees use mobile devices to access business networks or confidential information, require passwords on their phones, encrypt their data, and install security apps to safeguard information when the device is on a public network. Establish reporting procedures for when a device is lost or stolen.
- Back up all important information and store copies in a separate location or in the cloud.
Proactive steps to guard against cyberattacks are not only important to protect your business’s financial welfare, they are also necessary to avoid liability under data privacy laws. If your customers’ or employees’ personal information is obtained by unauthorized parties, you may be vulnerable to civil liability if your business did not take the steps required by law, or steps considered reasonable under the circumstances.
A data breach could also create liability or claims brought by affected individuals if you don’t act to mitigate the harm. You should, for example, provide notice to those whose personal information was affected, even if your business initially took the proper steps to avoid such a breach. Consider data-breach insurance, available through most commercial insurers, to protect you from the potential financial burden.
Are you concerned that your business is vulnerable to cyber attack and the associated liability? Every business is different, and your cybersecurity strategy should be tailored to your business. Local Technology, Insurance, and Legal professionals can help you navigate the risks, and create solutions that minimize those risks. Do not delay taking the necessary steps to protect your business, employees, and customers so that you ultimately can…