Cybersecurity is a growing concern for businesses, and small businesses are not immune from the threats posed by cybercriminals.
Don’t be complacent because your business is small: Almost half of all cyber attacks in the U.S. are directed at small businesses. In recognition of this serious problem, in August 2018, President Trump signed into law the NIST Small Business Cybersecurity Act, requiring the federal government to provide resources to assist small businesses in reducing their vulnerability to cyber attacks.
What Should You Do?
It is important for you to take steps to protect your business’s data, reputation, and customer and employee information.
The following actions are among the most important for small businesses to consider:
- Establish easily accessible cybersecurity policies for your company, include them in your employee handbook and offer periodic employee training on what you require. As an aside, employees should be required to take any necessary steps to protect customer and business data. Some additional common practices include:
- separate user accounts for each employee,
- strong passwords for all laptops, tablets, and smartphones, that are changed every three months,
- prohibiting the installation of any software on to company computers without permission, and
- limiting administrative privileges to key employees and IT staff.
- Restrict employee access solely to the business’s information and systems needed to do their jobs. When an employee leaves the organization, make sure he or she no longer has any access to this information.
- Make sure your software, web browsers, and operating systems are updated regularly to defend against viruses, malware, and other online threats. Also, install hardware and software firewalls on all of your computers and networks, even if you use a cloud service provider or virtual private network.
- If employees use mobile devices that can access the business’s network or confidential information, require them to password-protect their phones, encrypt their data, and install security apps to safeguard information when the phone is on a public network. Reporting procedures should be put in place for instances in which mobile devices are lost or stolen.
- Frequently backup all of your business’s important information and store copies in a separate location or in the cloud.
Proactive steps to guard against cyber attacks are not only important to protect your business’s financial welfare, they are also necessary to avoid liability under data privacy laws. If your customers’ or employees’ personal information is obtained by unauthorized parties, you may be vulnerable to civil liability if your business did not take the steps required by state law or steps reasonable under the circumstances to protect their information.
In addition, if a data breach occurs, you could also be liable for civil penalties or claims brought by affected individuals if you don’t act to mitigate the harm or remedy the situation, for example, by providing notice to those whose personal information was affected, even if your business initially took the proper steps to avoid such a breach.
We Can Help
Are you concerned that your business is vulnerable to cyber attack and the liability that may arise if your business is affected by one? Every business is different, and your cybersecurity strategy should take the nature of your business into account. We can help you evaluate your individual situation and take the necessary steps to protect your business. Please give us a call today to set up a meeting.
Like what you're learning?
Sign up for our free newsletter
Notes from the Chief Counsel's Desk
and get more legal insights sent directly to your inbox.
Sign up for our free educational event on
Legal Life Planning
to learn how you can protect your loved ones and assets when something happens to you.
This article is a service of Sky Unlimited Legal Advisory PC, Family Startup Lawyer™. We're not your traditional law firm, we stand apart from the rest by helping you make informed and empowered decisions on how to deal with your business throughout life and in the event of an emergency. We offer a complete spectrum of legal services, including a New Business Planning Session or an Existing Business Review Session, which includes a review of all the legal, insurance, financial, and tax systems you need for your business. You can begin by calling our office at (650) 761-0992 today or book online to schedule a Business Planning Session and mention this article to find out how to get this $950 session at no charge.
The strategies that are appropriate for protecting your assets are different for every family. Check out our proven process that gives you peace of mind...