Buttressing Your Business Against All Odds
In your world, your business is the highest priority. You sacrifice to meet client needs, work late to meet deadlines—you make things happen. Yet, while you’re building your house, the nefarious underground is working just as hard, chipping away at your foundation. Bit by bit, one client record at a time, your rock-solid reputation can crumble. Are you prepared to deal with such a risk?
Not If, But When
Security researchers fervently stress that hackers are always there, at the perimeter, searching for easy entrance. In fact, a recent New York Times article cites unlikely third-party remote access points as pivotal in the cybersecurity battle—think HVAC systems, printers and videoconferencing equipment, even vending machines. The NYT article references information security expert Arabella Hallawell, who asserts that a staggering 70% of data breaches reviewed by her company have third-party affiliations.
Generally, cybercriminals’ bottom line is financial. When a weak spot is found, prepare for a “no holds barred” attack. News headlines daily remind us that data breaches are costing companies some serious cash. Well beyond scare tactics, this is reality. The question remains: Is your company protected against this inevitable risk?
Most states have enacted legislation in a scrambled attempt to mitigate data breach loss to consumers. Whether they know it or not, they are fighting with shape-shifters. Technology, cybercrime and its perpetrators are constantly adapting; up-to-date is soon out-of-date. Each innovation raises complex questions regarding information security. Here we briefly delve into the legal side of things.
Lost Face Scenario
From the top down, lawmakers and leaders are calling for stricter notification standards. Some call for sweeping, nationwide initiatives, while others prefer a state-to-state method. On that front, here’s big news. In an April 7, 2014 decision, the Federal Trade Commission (FTC) took jurisdiction over a data breach case involving a giant in the travel and hospitality industry. The FTC alleged that the hotel chain’s “failure to safeguard personal information caused substantial consumer injury.” We’re talking about “more than 500,000 payment card accounts, and the export of hundreds of thousands of consumers’ payment card account numbers.” If that averages out to, say, $2 per record in fees and follow-up, how could any company afford such a hit?
Though the ruling is specific to this case and its particular circumstances, we can certainly extract a precedent: Federal power can supersede that of states when it comes to protecting consumers. Another lesson: When a data breach strikes your business, consequences promise to be devastating.
Currently in Ohio, House Bill (HB) 104 requires notification if a data breach is likely to trigger fraud. The attorney general is then vested with the power to impose heavy fines if a company fails to comply—from $1,000 to $10,000 per day. Looking at your company’s current assets, knowing that criminals are at the back door, and factoring in state and possible federal laws, you may be at a crossroads. Your life’s work and reputation are at stake—Where to begin? How to proceed? We can help.
The aforementioned FTC case sets a legal precedent, yet it also informs your cyber insurance decision-making. Some vital considerations: Will you be protected if a third-party inroad is the source of the breach? If regulatory fines or penalties are incurred, will you be covered?
Preparing for the inevitable attack means staring into the darkness: stepping into the unknown and anticipating the worst. Get ready for raw data, numbers and figures. Pinpointing weak spots and realistically assessing possible loss provides a tangible sense of risk—it can also be frightening.
But you don’t have to go it alone. Schedule regular audits to identify vulnerabilities. Stay on top of resources that keep you informed and your systems up-to-date. Moreover, choose your insurance plan wisely: Where do you anticipate most threats originating? Are these the instances for which you would be covered? And which will you be paying for out-of-pocket?
The threat of cybercrime is real, and your livelihood is on the line. Yet despite the dangers, the challenge is not insurmountable. Take the necessary steps to protect the investments you’ve made in your company.