Free Enterprise - The FindLaw Small Business Law Blog

Is Your Small Business a Target for Hackers?

It happened to Target. It happened to Home Depot. It just happened to the federal government. Can it happen to your small business?

We're talking about hackers and data breaches. While most data breaches covered in the news affect large companies with millions of customers, your small business is just as vulnerable. According to Internet security firm Symantec, 60 percent of cyber-attacks in 2014 targeted small and midsize businesses.

With two thirds of adults refusing to return to a business where their personal information was stolen, can your small business afford a data breach?

Vulnerabilities

Small businesses are actually more vulnerable to data breaches and cyber attacks than large companies.

Believing that they're too small for hackers to target, many small businesses don't bother with adequate security systems. Also, vulnerable businesses don't have proper procedures for encrypting and securing customer information. Or, businesses may have certain procedures in place but don't train employees.

How to Deal With Data Breaches

If your company is victimized by a data breach, here are some tips to minimize your liability:

Notify all affected customers

When a data breach occurs, many states have laws that require businesses to notify customers of the breach.

For example, New Jersey requires and business that compile or maintain records of customer's personal information must notify the State Police and any customer who is a resident of New Jersey of the breach.

If your business deals with customer's health information, the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) Act also requires client notification. Depending on the company's culpability for a data breach, the Department of Health and Human Services can impose fines from $100 to $50,000.

Outsource your security

If your business doesn't have the budget to hire a dedicated data security staff, hire an outside company specializing in data security to do it for you. The cost of doing so will be far outstripped by the cost of a breach.

Create a privacy policy

If you don't already have one, create a data privacy policy. Implement rules such as securing laptops with sensitive data in locked cabinets, protecting computers with passwords, properly disposing of sensitive data by shredding, and encrypting data. Then, train your employees regularly on these procedures.

If your business is targeted by a cyber attack, consult with an experienced business attorney for help.

Related Resources: