Does your company store private information such as credit card numbers, social security numbers, or health information? Are you sure? Data breaches where this type of information is exposed can cost your business money. A quick scan of the newspaper headlines on any given day will often turn up a report of a breach and subsequent fine, whether it be Morgan Stanley’s $1 million fine or AT&T’s $25 million fine. There are plenty of high-profile examples. Beyond the headlines, many smaller businesses are finding themselves subject to data breaches and fines. These fines may not run into the millions of dollars as in the cases mentioned above, but they can be just as impactful – if not more impactful – as small businesses might not have the same type of financial cushion that big companies have.
Breaches that expose private data, especially preventable breaches, will result in a fine. Businesses have a legal responsibility to report breaches that expose individuals’ private data. That responsibility varies from state to state. At Colden Company, we work with businesses large and small to assess that risk. We have specialized technology that can proactively scan your data resources for the type of protected data that, if breached, would result in a fine. We have worked with many small businesses that have told us, “No, we do not store that type of data.” A quick search of the HR person’s computer often proves otherwise.
The question we are often asked is, “What steps do we need to take to prevent getting fined?” Good question. Legal documents are often vague, stating only that businesses must take reasonable precautions. What constitutes reasonable? And if you are breached, it is very easy for the state to say your defenses were obviously not reasonable enough or you would not have been hacked! A leading non-profit security organization, SANS Institute, has compiled a list of twenty recommended security steps that businesses can take. If you would like a copy of this list, please email us at firstname.lastname@example.org.
There is a balance between usability of your systems and security of your systems. Given the nature of the threats that exist, we are advocating for a tip of the scales in favor of more security. The measures your business was taking two or three years ago may not be sufficient to protect your business from today’s threats. Add to this the increasing likelihood that a breach can result in fines, lost data, and lost customer confidence, and it should prompt your business to take a second look at its security practices.
Studies have shown that preventative maintenance is far less costly than reactive spending after a breach. The scanning technology we spoke of above is just the type of preventative measure that can protect your business. This type of scan is extremely valuable as it can point you right to where your vulnerabilities are – vulnerabilities you might not know you have. Contact us today at (888) 600-4560, email us, or visit us on Facebook or Twitter to schedule your scan.