Business & Litigation Insights

It's Time To Get Your Cybersecurity Plan In Place

Posted On Feb 10, 2017

Cybersecurity threats pose risks to every type of business. As our dependence on technology has increased, the opportunities for data to fall into the wrong hands are all around.

Every business has some understanding of the dangers of dealing with sensitive data. We’ve heard the horror stories. Hospitals have been held hostage by hackers demanding ransom in exchange for restoring access to electronic files. Data files stolen from retailers have resulted in millions of compromised credit card accounts. Threats include any way fraudsters can use your information to make a buck.

Think of a cybersecurity plan in the same way as a plan you would prepare for any other emergency. Businesses take preventative steps to avoid fires, accidents and other catastrophic events and have plans for how to respond when an emergency comes up. Fire drills, safety procedures and incident response teams can help protect businesses from physical threats. Data breaches may be more difficult to detect initially, but they can have a similar disruptive effect on your business – and on the bottom line.

Your cybersecurity plan should include preventative measures as well as a coordinated response. In the event of a data breach, there are concrete steps that your business should be prepared to take, such as:

  • Investigating where and how a breach occurred.
  • Understanding the scope of the breach and what information was compromised.
  • Bringing in experts to help with the public relations response.
  • Getting in touch with the owners of the information to let them know that the breach has occurred.

All of these steps are important to mitigate the damage and costs of a data breach. The plan isn’t just an IT concern. It encompasses all procedures in your operation.

A 2016 survey of 600 IT leaders at small- and medium-sized businesses found that that 65 percent of all small businesses don’t strictly enforce their password policy and 50 percent have had data breaches in the past 12 months.

People may think of a hacker as some pimply-faced teenager who’s trying to find ways around security systems, but more often cyber threats come from sophisticated operations that likely have more experience than your own IT staff.

For businesses that don’t yet have a cybersecurity plan, putting it off is not an option. In addition to preparing for the inevitable, it communicates to your clients and customers that your business is committed to protecting their private information.

If your business does have a response plan in place, you’ll want to revisit it regularly to make sure that it’s not stale. The threat always is evolving. Stay on top of changes, and be adaptive in your response.

But a plan that only covers the response after an event occurs, without addressing preventative measures, puts you behind from the start. And that leads to increased costs with the possibility of litigation.

South Carolina, like most states, has laws addressing liability in data breaches, and if you can demonstrate to a court that you took all proactive steps that you possibly could to prevent a data breach that can lessen your legal liability.

Small business that are getting started on a cybersecurity plan don’t have to spend thousands of dollars. There are helpful resources online, such as the U.S. Small Business Association, where you can learn more about the issues and some basic steps you can take to minimize the risk without having to spend lots of money.

Consulting an attorney can be helpful in drafting a plan and making sure you have protocols in place to revisit that plan and adjust as necessary. There are also technical experts that can advise on the front-end protections that can be built into computer systems to minimize the risk.

In 2017, the risk of cybersecurity threats is continuing to grow. If your business hasn’t put something in place, now is the time.