The world of technology is evolving faster than ever. Business owners traditionally consider assets to include buildings, equipment, stock in trade, employees, work-product and good will. Today, business information and data have become one of the main assets that require protection. Wonder why? Ask yourself a few questions. What would happen if my client’s private information was misappropriated? What would happen if my trade secrets or innovative ideas became public? What would happen if I was deprived of access to crucial business information for days, weeks or months? What would happen if I lost this information forever? Safes and filing cabinets are no longer capable of protecting your most important business asset.
Businesses, small, medium or large, cannot afford to live in the past. Whether you manage a local business or a multi-national corporation, your most valuable business asset is at risk. The most recent malware (WannaCry) affected more than 200,000 organizations in 150 countries and the cyberattack “Petya” affected over 65 countries.
The NH Department of Justice Consumer Protection and Antitrust Unit posts notices of data breaches that affect New Hampshire businesses and customers. The list is growing and clearly demonstrates that all businesses are at risk of losing valuable information, customers and reputation. The risk is not limited to phishing attacks, malware, spyware, worms and other technological advances. Data breaches may be as simple as the loss or theft of a thumb drive with the customer’s name, date of birth, home address, phone number, medications, race, etc. (Ambucor Health Solutions, Athletic Clubs of America, Inc., Hotel Zelos, etc.). Even state agencies are not immune. Last year unauthorized access to NH DHHS data resulted in posting names, addresses, social security numbers, and Medicaid identification numbers of 15,000 patients on a social media account (New Hampshire Department of Health and Human/Concord Hospital data breach).
How Do I Begin To Protect My Business and Customers From Data Breach?
The answer is simple. Understand the nature of your cyber-assets and learn the methods to protect them.
Consider the business you conduct, your goals, the information you seek to protect, your business size, and the requirements of the law applicable to your activities. What is good for a large business with over 100 employees and unlimited resources is not likely to work for a small business with one part-time employee.
Security measures should be tailored to the business they address. A “risk assessment” is required in most cases. The assessment includes verification of your business's policies and goals, identification of the assets you seek to protect, identification of the threats and risks to those assets, a review of existing safeguards (physical, administrative and technological), and the applicable laws and industry compliance requirements that the business should implement to limit its exposure to the risk of data breaches.
What Should I Do To Protect My Business and Customers From Data Breach?
Every business owner must consider measures to protect data. A risk assessment would provide you with sufficient information to make an educated decision on which measures should be implemented soon and which ones can wait. Once you implement security measures, policies and procedures must be drafted and implemented and employees must be trained. If you implement technological measures, your system must be maintained and updated and tested for vulnerabilities. A risk assessment should identify your risks and suggest measures.
Do I Need A Lawyer?
No, you do not need a lawyer to implement security measures. Technological measures are best implemented by a qualified computer security firm. Protection of your most valuable data, however, is not limited to implementation of technological measures. A lawyer will help you understand which measures (administrative, technological or physical) your particular business should implement to protect the assets it must protect under law and needs to protect to stay in business. A lawyer will educate you about data security laws and compliance requirements that affect your business. A lawyer can assist in the drafting of procedures and policies. A lawyer can also assist in training your employees to implement effective security policies and procedures that fit your business's needs.