It's a sad wake-up call for small businesses: according to the online news site Cincinnati.com, a federal court in Northern California gave the go-ahead for victims of the Adobe Systems, Inc. data breach to proceed with a class-action lawsuit against the company. The dismal twist? None of the victims have suffered any injuries.
That's right — the court ruled that so long as there's a sufficient threat of future identity theft, a lawsuit can proceed. In the past, parties affected by a data breach had to actually sustain injuries before they could seek damages. However, the California judge found that the actual hacking — which resulted in stolen names, Adobe IDs, passwords, credit card numbers, expiration dates, mailing addresses, and email addresses of 38 million Adobe users — qualified as harm.
While this might be good news for the victims, for small-business owners, it reinforces just how big an issue data security is right now. Let's review what you can do to keep your company's data under lock and key.
How to Build a Fortress: Best Practices for Data Security
A lax approach to your data security is one of the quickest ways to end up with a nasty breach on your hands. And you don't want that. A data breach can cost hundreds of thousands of dollars in notification costs, credit-monitoring fees, and legal bills if you end up in court. Plus, only an oil spill and shoddy customer service are more reputation-damaging for a business than a data breach, according to Experian's research.
Then there's the fact that small businesses are often the targets of cyber crimes because their information is simply easier to get to. According to security experts, 70 percent of breaches involve small businesses, and the recovery costs average a cool $300,000. (You can read more about that here: "'No Business Too Small' to Be Hacked, Says Security Expert.")
Now that you know the stakes, let's recap some ways you can limit your risk of hacks and data breaches:
- Educate yourself and your staff about cyber threats. Most hacks are crimes of opportunity, and individual users are usually the weak links that allow those opportunities. For example, more small businesses are being hacked thanks to spear phishing scams that look like legitimate messages from financial institutions or employers. An employee responds to the email with the requested information, and then cyber crooks can use that info to access other records. Malware links in email or on social media sites can also expose your business's network. (For more on that, read "Data Security: When Malware Training Could Save You Thousands.") Teach your employees about these tricks, and reinforce that they will never be asked to share sensitive information via email.
- Change company passwords regularly. Be sure to have a different password for each of your major accounts. You'd be surprised how many folks use the same password for everything from computer logins to bank and email accounts.
- Encrypt like your life depends on it. When a stolen data record is encrypted, there's a good chance cyber criminals can't do much with it. And if the stolen information can't be used, it will be difficult to sue your business for damages over the breach. So be sure to encrypt security codes, access codes, passwords, and customer information.
- In the event of a data breach, notify affected parties immediately. The Adobe lawsuit claims the company failed to promptly notify customers after the breach. In most states, you have a set timeframe wherein you must contact affected parties if a breach compromises their information. Read more about state data breach laws in our post, "Small Business Faces $3,000 Fine for Data Breach."
- Carry Cyber Liability Insurance. If you store sensitive third-party information on your servers, this coverage is a must. If you're hacked, first-party Cyber Liability Insurance can help you pay for the cost of notifying affected parties after a breach, repairing security flaws on your network, implementing credit-monitoring services, and more. If you are an IT professional who is responsible for keeping clients' data secure, you'll need third-party Cyber Liability coverage, which pays for lawsuits over client data breaches. This third-party coverage is usually part of IT Professional Liability policies.
To learn more about data security, check out our blog series about data breaches.