Despite the problems that sensitive data exposure can cause, a lot of businesses are still at risk. Is your business one of them?
$2.7 million. $700,000. $35 million. These big numbers are the fines levied on a few big-name companies for failing to protect information and allowing sensitive data exposure to continue uncorrected—for months in one case. While some of these fines seem randomly determined, even an accidental HIPAA violation has a fine of at least $100 per incident, which could add up fast if your computer was stolen, for instance.
When it comes to personal information and confidential data, however, fines aren’t the only concern. As a small business, your reputation is one of your selling points. Protecting your information, as well as the personal information of your employees and customers, is not only the right thing to do, it’s an excellent way to build trust in your community.
What Is Sensitive Data?
Credit information is one of the first things that comes to mind when we think about sensitive data. Personal medical records and social security numbers also make the list. But there’s an entire world of information that shouldn’t be shared without consent.
- Employment information, such as length of employment
- Employee bank information (for electronic deposits)
- Employee tax status
- Employee home addresses
- Customer addresses
- Customer email addresses
- Intellectual property, such as research, computer code, or artwork
- Sales figures
- Donor information
- Vendor information
- Wholesale information (for retail businesses)
There’s plenty more to add to the list, but the point is that you likely have more sensitive information in your files (both electronic and paper) than you may realize. From a legal standpoint, the fines and the fallout for failing to protect that data depend on what, exactly, the information is and whose jurisdiction it falls under.
The Federal Trade Commission (FTC) handles most business data breaches by enforcing acts such as the Gramm-Leach-Bliley Act, the Fair and Accurate Credit Transactions Act (FACTA), and similar acts created to protect consumer privacy.
Beyond federal agencies, however, customers can sue a business for sensitive data exposure. And even if you win in court, a lawsuit is costly, both financially and for your business reputation. Inc.com writes that 22% of businesses affected by data exposure lost customers and 29% lost revenue.
Even with a security plan in place, however, sensitive data exposure often happens because of mistakes and oversights. That isn’t to say that a skilled hacker or determined thief couldn’t get through even some of the best defenses, but an easy opportunity is a more likely target than one with safeguards in place.
How to Prevent Sensitive Data Exposure Before It Is Too Late
The good news is that a business can do a lot to prevent data exposure. Implementing a robust approach to data security can minimize or even eliminate the mistakes that lead to a data breach. But first, you have to get your entire team on board.
While the ultimate responsibility for data security may fall to one person, it’s a team job. It only takes one neglectful moment to render all of your security measures pointless. Once you have your data security plan in place, take the next step and work to make sure common mistakes don’t happen.
1. Implement a “Clean Desk” policy.
Make sure employees don’t leave important information on their desks when they aren’t there. This includes that sticky note with computer login information that’s under the keyboard.
2. Don’t reuse or share passwords.
This is some of the oldest data security advice around, yet it’s still a frequent (and major) mistake that will compromise your information. When logins are shared, one disgruntled employee can easily steal or corrupt your data, and you would have no way to track who did it.
3. Don’t store old hard drives.
Don't throw them in the garbage, either. Thieves can retrieve information from hard drives unless you completely destroy them.
4. Update security protocols.
Too many businesses put a document security plan in place and then never update it. Any company policy needs an occasional update, and your plan for keeping sensitive data safe is no exception. Don’t forget to share that update with your employees.
5. Plan to lose data.
No matter how strong your security protocols and no matter how diligent your team, there is still a good chance that your business may expose sensitive data. Good security, including alerts, may minimize the damage, but implementing your data loss plan can further help prevent a major complication. Your plan will depend on what kind of information your business has, but at a minimum, you should expect to:
- Contact your IT professional.
- Contact law enforcement.
- Notify any compromised parties, including employees and customers.
Did you know Pekin Insurance offers data compromise coverage as well as valuable papers and records coverage? Call your local Pekin Insurance agent today to find out how the Pekin PAK Program can help your business.