From websites and social media to e-newsletters and mobile apps, it's virtually impossible to survive in today's marketplace without having a digital footprint of one form or another. And when it comes to conducting business in the online world, protecting your clients' personal data is paramount.
On that front, more than half of all small businesses suffered a breach of client data within the last year, according to a 2019 study by the insurance firm Hiscox. And given that the cost to resolve a single breach averages roughly $200,000, digital privacy is a major liability for businesses of all sizes.
In addition to the risk of getting hit with a lawsuit from a client whose data was stolen from your business, you must also take steps to comply with an ever-evolving set of federal and state laws governing data privacy. For example, the Fair Credit Reporting Act (FCRA) imposes stiff fines for failing to adequately protect client credit card information, while the Health Insurance Portability and Accountability Act (HIPAA) imposes similar penalties for those who fail to protect healthcare data.
At the state level, there are hundreds of different data privacy laws, though right now, California and New York have the most robust regulations. The bottom line is that failing to adequately protect your customer or client's personal data can result in serious consequences.
To help you stay in compliance with the laws and avoid lawsuits, here are three essential strategies for managing the privacy and security of your client's data. Although you should meet with an experienced business lawyer like us to implement a comprehensive digital protection plan, these three actions should get you off to a good start.
1. Install multiple layers of security
To protect your company's server and computers, you should install a comprehensive array of security systems, such as anti-virus software, firewalls, intrusion-prevention systems, and anti-subversion software. The key is to add as many layers of security as possible, since hackers are likely to move on to an easier target, if your network and devices are well defended.
And don't forget to regularly install updates to your security software, so you'll be protected against the latest threats. Regularly check your software vendors' websites and the U.S. Computer Emergency Readiness Team's (UC-CERT) site to stay up-to-date on the latest viruses, vulnerabilities, and patches.
2. Select the most secure web hosting service
Web hosts house your website and data on their own off-site servers. There are numerous web hosting companies out there, and they come with varying levels of server-side protection, including security cameras, anti-virus and anti-spyware systems, and hard-wired firewalls.
Choose a web host that offers a high level of security, especially against cross-side server attacks, which involve hackers who open a fake account with the web host to access other websites on the same server. For enhanced protection, use a virtual private server (VPS), which partitions your website from other sites that share the same server.
For maximum protection, open a private server account in which your website and data are maintained on your own separate server. This option is fairly costly, but still a lot cheaper than getting fined or sued for a data breach.
3. Invest in cyber insurance
As with other forms of liability your business faces, having the proper insurance in place is a foundational aspect of your company's data protection plan. To this end, you'll want to purchase a cyber insurance policy.
Cyber insurance offers protection against damages resulting from data breaches, hacking, network failures, and other events. If your business' network is breached, the cost to recover and restore this information can be extensive. And as mentioned earlier, you can also be held liable for damages to third parties, such as customers and vendors, whose data was lost or stolen from your system.
Depending on the coverage purchased, cyber insurance can pay for a wide array of services needed to repair your network and retrieve your data, including investigative analysis, business interruption, and data recovery. It can also cover the cost of notifying clients of the breach, paying regulatory fines, as well paying for lawyer fees, judgments, and settlement costs resulting from a lawsuit.
Not all businesses need cyber insurance, and the ones that do can require varying levels of coverage. Before you buy a cyber policy, consult with a trusted business lawyer like us to assess the risk your particular business faces and determine the kind of policy best suited for your situation.
4. Hire cyber security experts
If you are in an industry that's at high risk for cybercrime, such as finance, banking, healthcare, or logistics, consider hiring outside cyber security professionals to monitor your company's server and computer activity. These experts are specifically trained in the latest trends in hacking and other electronic infiltration methods.
However, such security firms are often quite pricey, and not all businesses will need to partner with one. We can help you better assess the risk and reward of hiring one and advise you on whether your company requires such an investment or not.
Regardless of the size of your digital footprint, you should stay apprised of the latest cyber threats and digital privacy laws to ensure your client's data is secure. We can advise you on the safeguards you should have in place and keep you updated on the ever-changing legal landscape surrounding data privacy. And if you're ever hacked, we can defend you in court against any lawsuits or other liabilities that might result. Contact us today to learn more.
We offer a complete spectrum of legal services for business owners and can help you make the wisest choices on how to deal with your business throughout life and in the event of your death. We also offer you a LIFT Your Life And Business Planning Session, which includes a review of all the legal, insurance, financial, and tax systems you need for your business. Schedule online today.