News Archive
Small Business Development Center at USF Offers Cybersecurity Tips for Small Businesses
By Pat Gordon
TAMPA (April 24, 2017) -- As if you don't have enough to think about while running your own business – ever increasing competition for customers and employees, managing bills and cash flow, learning the ins and outs of social media marketing and which human resource laws apply to you – along comes cybersecurity and data breaches.
According to Small Business Trends, 43 percent of cyber attacks take aim at small businesses. More alarmingly, 60 percent of small businesses go out of business six months after a cyber attack. Being concerned about the security of your customer data is an ever-increasing issue in 2017.
Like a lot of business owners, you might think (hope) that it probably won't happen to you. After all, you have a small business, a small database of customers and maybe you don't even collect credit-card information – just names and addresses and a little history of purchases.
Identity theft can be accomplished simply with a person's name and email address. Once a hacker reaches a friendly customer service representative at almost any place the individual might shop (think Amazon, Wal-Mart, Target), they can simply change the mailing address on the account and the misery begins.
Why would someone want to go after your customers' information? Why not go after the big guys? This is why: Large businesses have legal departments and data security personnel who are well aware of the dangers of security breaches. They have been putting protections in place since the early 1980s when modern day hackers were just getting started.
Unfortunately, most small business owners don't take the time to put protections in place before an incident occurs and they don't realize what they need to do when their customer information is stolen. And don't forget how much information you collected on your employees when you hired them – you are responsible for protecting their information also.
Here's a sampling of some of the laws and regulations in place that may impact you:
- According to the Florida Information Protection Act of 2014, a business must send written notice to the Florida Department of Legal Affairs if 500 or more records were potentially breached. It doesn't take too long for a business to collect 500 names in their database if they're doing their marketing well.
- The written notice must be received within 30 days of realization of a possible breach and include a description of the event, remedies for future protection and services provided to the possible victims.
- The Department of Legal Affairs will then request police reports, possibly computer forensic reports and your business' previously established policies for protecting data.
- If you do not properly notify the Department of Legal Affairs and all those individuals who might be affected, your business can be liable for fines in the amount of $1,000 each day up to the first 30 days and $50,000 for each additional 30-day period.
- If the violation continues for more than 180 days, the fine can be up to $500,000 per breach.
- These costs don't include the expense of going to court if you are sued.
- Even if your data breach involves a small number of individuals, your business can still be sued for negligence by individuals, attorneys and the Bureau of Consumer Protection.
For small businesses that don't have the luxury of an in-house legal department, one of the most critical things for a business owner/manager to do is to create a company policy that protects the customers' information:
Step 1 – Think about how the data can be better protected.
Step 2 – Decide what information to keep, how long to keep it and how to protect it.
Step 3 – Lock up computers, change passwords often, lock file cabinets and offices.
Step 4 – Put Steps 2 and 3 in writing and add them to the policies and procedures manual.
Step 5 – Ask about data breach insurance.
Pat Gordon is a Florida SBDC at ßÙßÇÂþ» business consultant, based at the CareerSource Suncoast Center in Venice.