When is the last time you performed an assessment on the safety and security of your company? Not necessarily the locks on the door, or the alarm system; but rather, the firewalls to your business website and cyber-security features that protect private and sensitive customer information.
In August 2015, headlines circulated around the world regarding the data breach from Internet hackers who breached the confidential files of clients for Ashley Madison, an online dating site for individuals seeking extramarital affairs. The secretive, personal nature of the business—and the fact that customers were required to enter credit card information—made it doubly susceptible to attack. In several anonymous media statements, the self-described hackers noted that they targeted Ashley Madison because they believed the entire business model was, “a scam.” However, even companies with less questionable services may be targeted because of the mounds of valuable data collected on a daily basis.
According to an article on Entrepreneur.com: “Cyber-crooks increasingly are targeting small businesses to steal information such as passwords that lead to bank account balances and credit lines, customer data and sensitive product details. Hackers also may try to virtually hijack company computers or websites and use them to attack others online. They know most small businesses lack the security expertise, data protections and response tools that large companies have at their disposal.
Falling victim to a hack can be costly. Malicious or criminal data breaches on average cost victim companies $318 per compromised record in 2010, according to Traverse City, Mich.- based research firm Ponemon Institute.”
So, what is your liability for failure to protect customers’ sensitive data and private information? If your business requires any type of login procedure using email addresses and passwords, then consider it a target for potential hackers. Many times, lawsuits arise when victims feel that the company was careless, reckless or negligent in their duties to protect sensitive information. If customers/clients can prove that your business could have or should have done more, then the risk for litigation increases.
Every small business should have a cyber-security plan in place. If you don’t have one, or don’t know what that means, check with your IT Provider or IT consultant for advice and information about conducting a cyber-audit to learn how to secure your company’s resources. For more information on other business development topics, visit www.TheInstituteNC.org and follow @TheInstitituteNC.