According to the 2019 Data Breach Investigations Report by Verizon, no business is too small or too large to be a victim of hackers and data breaches. Information of all types has a value. Your business need not have access to millions of dollars to be an attractive target for hackers. That you store personal information gathered from your customers can make you attractive to a hacker who wants to sell that data to identity thieves. Therefore, all businesses should assume they are attractive to a hacker.
What Did the Current Research Reveal?
Researchers analyzed data from 41,686 security incidents and 2,013 data breaches. Based on that data, breach victims consisted of:
Public Sector Entities 16%
Healthcare Organizations 15%
Financial Industry 10%
Small Businesses 43%
Hacking caused over one-half of the breaches. Business owners may want to review the detailed data provided in the Verizon report breaking down the risk factors for specific industries with a Maryland business attorney. An attorney can help formulate a security plan, policies, and procedures to help reduce the risk that your company is the victim of hacking.
What is the Legal Liability and Cost of a Cyber Attack?
A cyber attack by a hacker can be costly for a company. Some businesses may need to shut down for several days or weeks as they deal with the consequences of the hack. Just one incident of hacking could cost your company thousands of dollars. Examples of the consequences and costs of an attack on your computer systems include:
System Repair and Recovery — Depending on the damage the hacker caused, you may need to repair your computer systems or replace the entire system. Recovering data may be difficult or impossible. Added to the cost of system repair and recovery is the cost of business interruption as most businesses close during this process.
Expense of Notifications — Various federal and state laws require businesses to notify customers, clients, and all other parties of a data breach or a suspected data breach. Sometimes, a business can face a substantial fine for failing to notify parties of the theft or compromise of their data.
Federal Regulatory Fines — A business may face substantial fines for failing to meet compliance requirements for protecting personal data stored by the business.
General Liability — If customers, clients, or other parties are injured and incur costs because of a hack of your computer systems, your company could be liable for the costs incurred by each party harmed by the breach.
Litigation — Large data breaches have led to class action lawsuits against the companies attacked by hackers. Settlement is not the only cost involved in litigation. Defending a class action lawsuit can be very expensive.
What Can You Do to Protect Yourself from Liability?
A business can take several steps to protect itself from liability in the event of a cyber attack by a hacker.
Train and Monitor Employees. Many instances of hacking begin with an employee making a mistake, such as leaving a password on an unprotected device, leaving their station without logging out, or clicking on a link in an email. Ongoing training regarding cyber security procedures can help reduce the risk of being hacked by an outsider.
Encrypt All Data. Extreme measures should be taken to protect personal information gathered and stored by the company. By encrypting all data on your server, you make it more difficult for a hacker to access any information on your system. Also, set all devices to automatically log out of the system after five to ten minutes of no use. This simple step can minimize the risk caused by employees failing to log out when they leave their desk.
Download and Update Software. Some companies never bother to update their software until the system shuts down because it cannot operate properly without the updates. However, many updates sent to users by software companies include protections against the most recent forms of hacking and cyber attacks. Applications, operating systems, and software should be updated as soon as an update is provided. However, the authority to install software should be limited to IT personnel only.
Always Use Firewalls. Internet connections are not always secure, even with an encrypted password. Using a firewall places an extra barrier of protection between your system and a hacker. Also, each computer should have anti-spyware and antivirus software automatically updated daily.
Change Passwords at Least Every 90 Days. Some companies change passwords more frequently. Also, use passwords that contain a combination of uppercase letters, lowercase letters, numbers, and symbols. Do not reuse passwords or use the same password for all systems or users. Each employee should have a unique login and password that also is changed periodically.
Limit Access to Data and Computers. Physical access to servers and network components should be limited. Employees should not have access to data that is unnecessary for performing their job.
Back Up Data to an Off-site Location. A company should have a secure backup of all data and information. However, the same safety precautions should be followed regarding the backup as the company follows for the original copies.
Cyber Liability Insurance Policies. First, a company may want to purchase cyber liability insurance coverage. Some business liability insurance policies may cover small instances of specific cyber incidents, such as losing data because of a natural disaster, hardware failure, or computer virus. However, the policy may only cover the cost of replacement of equipment and the attempt to recover data.
A separate cyber liability insurance policy must be purchased to cover the costs of a breach or cyber attack. The policy should cover losses, including business interruptions, identity theft, loss of data, corrupted data, legal fees and costs of defending lawsuits, cyber extortion, notification costs, and repairing or replacing damaged computer systems.
Do You Want More Information About Preventing and Handling Data Breaches?
The Federal Trade Commission (FTC) provides several guides that can be very useful as you take steps to try to protect your company from cyber attacks and hackers.
Call a Maryland Business Attorney for Help
If you are unsure what you need to do to protect your company from hackers or you are the victim of a cyber attack, speak with a Maryland business attorney to discuss your legal rights, obligations, and options for mitigating damages. Contact Thienel Law today. Maryland business attorney Steve Thienel is dedicated to assisting clients in Maryland, Virginia, and throughout the DC Metro area.