In the news again – another major company, Equifax, has been hacked and personal data stolen. 2017 has been dominated by high-profile data breaches. As more and more information is stored online, the responsibility to protect credit card and personal information from hackers increases. Is your business data safe?
The most recent major incident resulted in personal details of millions of Equifax customers being exposed. Earlier in 2017, millions of voter records were exposed, and phone numbers, names and PIN codes of six million Verizon customers were left online for over a week. (See 2017 hacking headlines.) And just in case you don’t think a data breach could happen at your small business, think about this. In 2010, the U.S. Secret Service and Verizon Communications Inc.’s forensic analysis unit responded to a combined 761 data breaches. Of those, 482, or 63 percent, were at companies with 100 employees or fewer. And in 2011 Visa estimated that about 95 percent of the credit-card data breaches it discovers are on its smallest business customers.
But, my business is too small to worry about security
You might think your small business is too insignificant to be a target of hackers, but that may not be true. A company I know with fewer than ten employees was hacked in 2016; their website looked the same, but was compromised with an additional web page left on their site which was ‘signed’ by the hacker. A link to this web page was posted on a little-known hacker-community site just to prove the hacker’s skill set. Luckily, no customer information was on the server and the hackers did no lasting damage.
A survey conducted by the Ponemon Institute, an information security research firm, on behalf of insurer Hartford Steam Boiler found that 55 percent of small businesses had experienced a data breach, and 53 percent reported multiple invasions. If you store any customer information online, you could be risking data exposure and possible liability if a breach occurs.
My best advice for smaller businesses and sole proprietors – do not store customer information on your website. Instead of using an eCommerce website, redirect customers to a payment gateway rather than accepting payments on your own server.
Cyber Liability Insurance Protects Businesses
Unfortunately, standard commercial property and liability insurance does not cover the loss of personally identifiable information. To address the issue, several companies now offer cyber liability policies intended to cover a data breach where customer information, such as Social Security or credit card numbers, is exposed or stolen.
The policies include a variety of expenses associated with data breaches, including notification costs, credit monitoring, crisis management, costs to defend claims by state regulators, fines, penalties and loss resulting from identity theft and business interruption.
Judith Delaney, founder and chief new media compliance strategist for CMMR Group-TurnsonPoint, a digital media compliance firm, said, in an article addressing consumer concerns regarding liability, that if hackers accessed information through your company’s online systems, most likely, you would be held responsible.
She also said that everyone — businesses and consumers alike — bears the responsibility to protect sensitive information.
Tony Perez, co-founder and CEO of Sucuri, a website security technology provider, weighing in on the liability issue, warns that small businesses running an eCommerce site must comply with the Payment Card Industry Data Security Standard (PCI DSS).
“It’s not law, but it’s a regulation that will create big problems for you if you’re compromised and found to have been the reason why credit card data was stolen,” he says.
He adds that consumers expect and demand a safe online experience when they visit your site. “They trust that when they visit your website, as a company that cares, you are doing your part,” he says. “When you’re not, and you break that trust, you not only break the trust with your brand but with users’ general experience with the Internet. Our impacts are larger than our little corner of the web.”
For More Information
- The Online Trust Alliance has a comprehensive guide to understanding and preparing for data breaches, available at https://otalliance.org/resources/2011DataBreachGuide.pdf.
- The Federal Trade Commission has materials to help small businesses secure data in their care and protect their customers’ privacy, including an interactive video tutorial, at http://business.ftc.gov/privacy-and-security.
- If your business has had a data breach, you can find important steps at the FTC: https://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business