Do you think data breaches only happen to large companies? Think again. The headlines are filled with stories of huge data breaches affecting thousands of people. But the often untold stories are the hundreds of small businesses that suffer a data breach every year. The truth is, your small business needs cyber liability insurance.
Think for a moment about the information you obtain from customers. Does it include personally indentifiable information, such as name, home address, email address, date of birth, social secuity numbers and credit card information? Do you retain any of that information in digital or paper records? If so, you are at risk of a data breach.
Every State in the US has adopted laws that define “personally indentifiable information” and specify the duties required by organizations that are entrusted with it. In Nevada, NRS 603A was adopted in 2005. This Nevada law defines what information is considered personally indentifiable, what steps a business must take to secure that information and notification requirements to customers affected by a data breach.
In short, the law requires that any business that collects personally indentifiable information must protect that data. In the event of breach, the business must notify every potentially affected person by mail, email or media notification. The business may also be required to notify the credit reporting bureaus. Customers may also demand the business provide a credit monitoring service to prevent indentity theft.
According to a study by Fireeye, small businesses are a common data breach target for several reasons:
- Small businesses often underestimate the value of their data to a hacker.
- Cyber attacks against small businesses are relatively simple to undertake and offer high returns for criminals.
- Small business are an easier target, often using less sophisticated computer security systems and protocols.
- Most small business owners have their guard down. Cyber attacks are not typically the first thing on their minds.
- Nearly all small business owners have no plan to deal with a data breach or cyber attack.
So how can you prepare your small business for a cyber attack and data breach? Here are some great steps recommended by Forbes and Fireeye:
- Train your employees completely and frequently about data security. Have written policies about using business computers for personal use. Employees should understand the dangers of visiting websites outside the scope of their work, and know the consequences for failing to follow company policy.
- Use two-factor authentication whereever possible.
- Keep accounting systems seperate from computers used for other transactions.
- If employees use their own devices for work, such as laptops, cellphones or tables, adopt written polices requiring security protocols for those devices. Check that the protocols are being followed frequently
- Require complete destruction of any written documents that contain personally indentifiable information, once they are no longer needed. In addition, try to limit the amount of paperwork generated that contains customer information.
- Use enterprise level security software on all computers and make certain it is consistently updated.
- Make sure all internet traffic is filtered and that proper firewalls are being used. All routers and switches should be business or enterprise grade, not products designed for home use.
- Do not forget physical security. A data breach does not always occur from a cyber attack. Make sure your business has an adequate security system and that access to computer hardware (routers, modems, etc.) is limited.
Small Business Needs Cyber Liability Insurance
Lastly, purchase cyber liability coverage from Safeguard Insurance. Cyber liability insurance has become surprisingly affordable as more and more insurance carriers offer this coverage. Cyber Liability insurance covers 1st party expenses such as notifying customers and providing credit monitoring. It also covers 3rd party expenses, such as litigation against the business.
Contact Safeguard Insurance today for a no-obligation quote on cyber liability insurance.