Q: What is a business’s most important asset?
A: Its reputation.
Business owners work hard to build a reputation for providing goods and services that are top quality. They protect their business, put locks on the doors, install alarms and have safes to store valuables. But very few of these owners give any thought to protecting the most valuable asset, the customer data they have been entrusted with.
Of course, everybody is familiar with data breaches. They have become so common that we have grown numb to them. But that only happens to big companies like Target, Home Depot and big insurance companies, right? Wrong! Data theft from small businesses has become big business for thieves all over the world. The risks are much lower than physically breaking into a business and the payoffs are much higher. “Carder” websites sell personal information in lots based upon how much information the buyer requires: DOB, SSN, mother’s maiden name, first pet, hometown, etc.
So why should a small business care? Because one data breach could cost you your business! Aside from state and federal laws which may require notification of such a breach, there is a whole new breed of plaintiffs’ lawyers just waiting to file a lawsuit against your business for not properly protecting the digital information in your care.
Most data breaches aren’t the ones you see on TV; most don’t involve a hacker in Eastern Europe trying to steal your company’s bank accounts. Most are far simpler. Think about how many times you have seen or allowed someone to insert a USB thumb drive into your computer. A simple virus can be implanted or files downloaded directly. The person with the drive may even be unaware, having had their drive infected by another computer.
What about that employee who opens every email that comes in? How about that old computer or copier you got rid of: did you have the hard drives destroyed? Do you shred everything with personal information on it? What about your cleaning crew: have you vetted them thoroughly? Do they have access to papers on desks or in files that may have client information on them? You can see where this is going.
As an example, I was at a medical office a few months ago for some tests and was left in the room alone to change. In the room was an ultrasound machine that still had the screen turned on. On the screen was a list of the last five patients with full name and date of birth. All it would have taken was a quick picture with my camera phone and an upload to a carder site for some quick money. Instead, I notified the provider that not only did they have a HIPAA violation, but they had just opened themselves up for a lawsuit if this data got out.
But protecting your business takes more than just making sure your computer systems are secure and your anti-virus is up to date. In today’s legal landscape, every business that collects any personal information, which includes just about any business that keeps a record of customers, needs to have a detailed plan not only for protecting its data, but also for how it will handle a breach of its security and mitigate the damage as quickly and completely as possible.
This is where it is important to work with an attorney who is trained in both the protection of digital assets and incident response. Such an attorney will assess the needs of your business, assist you in developing proper protocols for protection, and design a response plan in the event that your clients’ data somehow gets out the front door.