Skip to main content
Risk Management Bulletin

Is Your Business At Risk of a Data Breach?

By August 5, 2015No Comments

303 entyty (1)Data breaches are reported daily and are an increasing concern for businesses that collect and store personal information from clients. However, it isn’t just large retailers and credit card companies that are at risk, so are small to medium size businesses. Even more concerning is that smaller businesses typically don’t have the controls or technology in place to properly protect data. All employers should know their risk for a data breach, how to prevent one and what to do if one occurs.

Types of Data at Risk
Many businesses are at risk of a breach simply by the activities that they perform. Businesses that sell items or services on their website can easily be hacked. Storing personal information for employees or clients either in unlocked filing cabinets, or on laptops or tablets that may be stolen is another risk factor. Even businesses that use cloud storage capabilities are at risk of attack. The type of information that is most at risk of being stolen are user account numbers, social security numbers, drivers license numbers, credit card numbers, bank routing numbers and any type of password protected account information. Names, addresses and phone numbers are typically not hacked and businesses are not legally responsible if this information is stolen.

Stop Breaches
Businesses are required to protect personal data no matter where it resides, which requires a multi-prong approach. First, businesses must invest in the latest security features for all software and hardware that it uses. This includes mobile devices such as smart phones and tablets. Additionally, employees who have access to personal information must be thoroughly trained on the proper handling of both the data itself and the systems on which it resides.

Responding to Data Breaches
47 U.S. states have laws requiring businesses to contact individuals if their data is accessed or stolen during a breach. The laws in your state will define what constitutes a breach, who must be contacted in case of a breach and how they must be contacted. It’s also a good idea for businesses at high risk of a data breach to purchase cyber insurance to protect against financial losses.