“It Won’t Happen To Me!”

Have you felt the impact of increased regulation on the small business sector?  It seems that no matter which business vertical you are involved in, some government entity wants to make sure you are carrying out your business activities in a manner compliant with laws and regulations. 

Some of these regulations make you scratch your head in wonder and some of them make perfect sense.  One of the areas that fall into the latter category of making sense has to do with Data Breach Preparedness and Response.  Too many business owners are ignoring this area of risk and, to their own detriment, they are exposing themselves to huge consequences, including the potential loss of their businesses. 

By definition, a Data Breach is the unauthorized use, access to, or disclosure of records or data containing personal information.  Businesses are required to protect PII (Personally Identifiable Information) - Information that relates to an individual that can be used on its own or with other information to identify, contact or locate that individual, regardless of the format of that information. 

When we hear the term “Data Breach”, most small businesses think in terms of a cyber-criminal hacking into their systems from the outside.  However, statistics show that only 20% of Data Breaches are from outside sources.  More than 64% of Data Breaches are caused by employees, either accidentally or maliciously.  According to independent studies, over 60% of such breaches are attributable to employees in financial distress or with criminal backgrounds. 

Most business attorneys believe that more than 98% of small businesses are not legally compliant or adequately insured when it comes to Data Breach law.  There are Data Breach laws in 47 states along with federal law.  Failure to pay attention to and comply with these laws and regulations is like burying your head in the sand, hoping you don’t have the inevitable Data Breach. 

What should the small business owner do?  First, make a quick assessment with these questions:  

  • Has your business adopted a Written Information Security Program (WISP) as required by your state’s law?

  • Do you have a written plan in place for when your Data Breach technologies are defeated?

  •  How would you handle an internal breach where an employee compromises information either accidentally or maliciously?

  • Have you instituted an employee training regimen with documentation?

  • Do you have a written Post-Breach Reaction Plan?

  •  Do you have vendor contracts in place to safeguard data you are required to protect? (If your payroll firm, accountant or CPA suffers a Data Breach involving the information you shared with them, you are still responsible for that data being breached.)

If you have not taken these steps it is likely that you are not legally compliant.

  • Are you adequately insured? (Most business owners falsely believe their current insurance will protect them.  Traditional insurance policies such as general liability, property, errors & omissions, crime/fidelity, and directors & officers don’t protect you.)

  • Do you have a Data Breach rider or cyber insurance? (If your premium didn’t increase by $3,000-$5,000 this year then it is unlikely.)

The result is you are most likely not adequately insured for a Data Breach.  

If you are like most small business owners, you are busy trying to generate revenue and meet payroll and other responsibilities.  You need help in addressing your responsibilities to be compliant with the law and explore available options.  There are products available in today’s marketplace that address pre-breach preparedness and post-breach response that include compliance and associated cost concerns.  These products provide small businesses with an enterprise solution at an affordable price point.  That is why I believe it is worth a conversation. 

My father used to say, “Son, you don’t know what you don’t know.”  Either you know what the laws and regulations require of you or you don’t.  Either you are prepared for the inevitable Data Breach or you are hoping it won’t happen to you.  

If you are a Franchisor, a Franchisee or an independent small business owner, don’t go another day without adequate preparation.  Feel free to give me a call at 970.978.0665 and I can get you pointed in the right direction! 

 

Doug Smith is a 40-year consulting veteran in the small business and franchising arena and spends his time helping entrepreneurs understand the implications of lending and helping them secure the right lending product mix for their business or franchise project.  He is the founder of Biz Finance Solutions – www.bizfinancesolutions.com.  Besides providing both traditional and non-traditional approaches to business finance, he helps new and existing business owners and franchisors make sure they have answered the questions of legal compliance and adequate insurance when it comes to Data Breach Preparedness and Response. He can be reached by telephone at 970.978.0665 or via email at [email protected].

Robert Robinson - There are laws in 47 states and federal regulations that govern Data Breach preparedness and response. If a business owner cannot answer the 6 questions I included in the affirmative, it is likely they are not in compliance with the law. The worst set of circumstances would be for a business to be out of compliance with the law and suffer the inevitable Data Breach. That can result in hefty costs, including fines and penalties, and in some cases ends up with the business owner going out of business. The good news is that 96% of Data Breaches can be avoided with a few simple controls. The product I referred to is not an insurance product and is priced well. If you have a particular business in mind, have them give me a call. I’m sure we can give them a pleasant surprise when it comes to pricing.
