Cybersecurity is a growing concern for businesses, and small businesses are not immune from the threats posed by cybercriminals. Don't be complacent because your business is small: Almost half of all cyberattacks in the U.S. are directed at small businesses. In recognition of this serious problem, in August 2018, President Trump signed into law the NIST Small Business Cybersecurity Act, requiring the federal government to provide resources to assist small businesses in reducing their vulnerability to cyberattacks.
What Should You Do?
It is important for you to take steps to protect your business's data, reputation, and customer and employee information. The following actions are among the most important for small businesses to consider:
- Establish easily accessible cybersecurity policies for your company, include them in your employee handbook and offer periodic employee training on what you require. As an aside, employees should be required to take any necessary steps to protect customer and business data. Some additional common practices include:
- separate user accounts for each employee,
- strong passwords for all laptops, tablets, and smartphones, that are changed every three months,
- prohibiting the installation of any software on to company computers without permission, and
- limiting administrative privileges to key employees and IT staff.
- Restrict employee access solely to the business's information and systems needed to do their jobs. When an employee leaves the organization, make sure he or she no longer has any access to this information.
- Make sure your software, web browsers, and operating systems are updated regularly to defend against viruses, malware, and other online threats. Also, install hardware and software firewalls on all of your computers and networks, even if you use a cloud service provider or virtual private network.
- If employees use mobile devices that can access the business's network or confidential information, require them to password-protect their phones, encrypt their data, and install security apps to safeguard information when the phone is on a public network. Reporting procedures should be put in place for instances in which mobile devices are lost or stolen.
- Frequently backup all of your business's important information and store copies in a separate location or in the cloud.
Proactive steps to guard against cyberattacks are not only important to protect your business's financial welfare, they are also necessary to avoid liability under data privacy laws. If your customers' or employees' personal information is obtained by unauthorized parties, you may be vulnerable to civil liability if your business did not take the steps required by state law or steps reasonable under the circumstances to protect their information.
In addition, if a data breach occurs, you could also be liable for civil penalties or claims brought by affected individuals if you don't act to mitigate the harm or remedy the situation, for example, by providing notice to those whose personal information was affected, even if your business initially took the proper steps to avoid such a breach.
We Can Help
Are you concerned that your business is vulnerable to cyberattack and the liability that may arise if your business is affected by one? Every business is different, and your cybersecurity strategy should take the nature of your business into account. We can help you evaluate your individual situation and take the necessary steps to protect your business. Please give us a call today to set up a meeting.