“Securing cyberspace is one of the most important and urgent challenges of our time.”
-Senator Jay Rockefeller, Former Chairman of the Senate Commerce, Science and Transportation Committee
Small Businesses Face Cybersecurity Challenges
According to the Verizon Business 2020 Data Breach Investigations Report (“DBIR”), almost a third, or 28%, of data breaches in 2020 involved small businesses.
If you are reading this, it is a good indication that you or your company is committed to protecting itself, as well as its employees, partners, and clients from damaging cyber security breaches that are intentional or unintentional. Domestic and international laws alike are increasing privacy standards for how and when companies should take efforts to prevent the disclosure of confidential client information. Whether sensitive or confidential data is passively stored on office computers, hidden in metadata while transmitting an electronic communication, or inadvertently transferred through other means, companies should pursue multiple options to minimize the risk of disclosing confidential information.
When companies choose an appropriate compliance mechanism to establish adequate safeguards for data importers and transferees, they should carefully analyze their particular situation, industry, and scope of domestic, interstate, or international commerce.
The Danger to Small Businesses
According to the DBIR, the dividing line between small and large businesses is increasingly narrow, in part due to the movement toward the cloud and its numerous web-based tools, as well as the continued rise of social attacks. These factors have led criminals to alter their forms of attack to get the information they need in the quickest and easiest way. Whether the threat is spyware, backdoor malware, physical tampering, a phishing attempt, use of stolen credentials, or another hacking attempt against a company’s eCommerce site, blog, V-log, podcast, or other digital assets, companies should actively and routinely take steps to protect their domains and privacy compliance standards.
Taking these steps not only ensures company and client data is safe; a robust security platform also becomes one more tool companies can use to attract new customers.
Cybersecurity: Protecting Small Business Personal and Client Data
What is reasonable cybersecurity protection for a company depends upon the circumstances including, for example, the sensitivity of the confidential information that may be disclosed, the potential adverse consequences from disclosure, any special instructions or expectations of a third-party or client, and the steps that the company takes to prevent the disclosure of metadata.
COVID-19: New Risks to Cybersecurity
The COVID-19 pandemic is also responsible for changing the way businesses are operating. As remote working surges in the face of the global pandemic, end-to-end security from the cloud to the employee laptop becomes paramount. We urge all businesses, in addition to protecting their systems from attack, to continue employee education as phishing schemes become increasingly sophisticated and malicious.
Developing Comprehensive Small Business Protocols and Compliance Standards
Since effective security is a team effort involving the participation and support of every user that interacts with a company’s data and/or systems, it is a necessity for your company’s information security requirements to be made available or published to all users in a format that is understandable and concise.
The development of corporate policies ensures users, employees, and company vendors have a means to understand their day-to-day security responsibilities and the threats that could impact a company within the industry it operates.
In developing corporate policies, companies should consider:
- Detecting the different ways hackers can access employee files and business systems
- Identifying new and emerging cyber threats
- Isolating weaknesses in your company systems
- Recognizing various tactics to thwart system threats
Implementing consistent security documentation will help your company comply with current and future legal obligations to ensure long-term due diligence in protecting the confidentiality, integrity, and availability of data and systems.
Encrypting Files to Protect Your Business
One simple, practical tool for small businesses?
Encrypting files is a critical security measure considered by privacy experts to be one of the best first steps a business can take to keep business data secure. Encryption is useful anywhere your employees might have sensitive or confidential data: computers, laptops, mobile phones, tablets, portable media such as USB drives, etc.
If an encrypted device is lost or stolen, it will not be possible for someone to access the contents without the encryption password. For small businesses, Windows 10 has a built-in tool, BitLocker, and macOS has its FileVault option; both can be easily configured and turned on by your IT department as a free and easy-to-use addition to your company’s cybersecurity protocol.
“Know your enemy and know yourself and you can fight a hundred battles without disaster.” – Sun Tzu
Small businesses can take this cybersecurity protection one step further by using encrypted email for sending confidential information. If you use a file-sharing service like Citrix ShareFile, ZixCorp, Box, SharePoint, GSuite and others, it is important to make sure your small business data is encrypted both at rest (stored on the system) and in transit (when sending, receiving, uploading, downloading, etc.). While those two solutions are usually not free, the cost is typically very low for the protection they afford.
If you have questions about developing or updating your company’s cybersecurity standards, legal guidelines, and/or compliance programs, call The Law Offices of Angela C. Schulz, PLLC today at 704-755-5254 or email firstname.lastname@example.org to schedule an initial consultation.
About the Author:
Angela Schulz is the Managing Attorney of The Law Offices of Angela C. Schulz, PLLC in North Carolina and practices data protection and information technology law.