Let’s Talk Small Business

Let’s Talk Small Business
Is Your Business Data Secure?

Is Your Business Data Secure?

In the news again – another major company, Equifax, has been hacked and personal data stolen.  2017 has been dominated by high-profile data breaches. As more and more information is stored online, the responsibility to protect credit card and personal information from hackers increases. Is your business data safe?

The most recent major incident resulted in personal details of millions of Equifax customers being exposed. Earlier in 2017, millions of voter records were exposed, and phone numbers, names and pin codes of of six million Verizon customers were left online for over a week. (See 2017 hacking headlines.) And just in case you don’t think a data breach could happen at your small business, think about this. In 2010, the U.S. Secret Service and Verizon Communications Inc.’s forensic analysis unit responded to a combined 761 data breaches. Of those, 482, or 63 percent, were at companies with 100 employees or fewer. And in 2011 Visa estimated that about 95 percent of the credit-card data breaches it discovers are on its smallest business customers.

But, my business is too small to worry about security

You might think your small business is too insignificant to be a target of a hacker(s), but that may not be true. A company I know with fewer than ten employees was hacked in 2016, their website looked the same, but was compromised with an additional web page left on their site which was ‘signed’ by the hacker. A link to this web page was posted on a little-known hacker-community site just to prove the hacker’s skill set. Luckily, no customer information was on the server and the hackers did no lasting damage.

survey conducted by the Poneman Institute, an information security research firm, on behalf of insurer Hartford Steam Boiler found that 55 percent of small businesses had experienced a data breach, and 53 percent reported multiple invasions. If you store any customer information online, you could be risking data exposure and possible liability if a breach occurs.

My best advice for smaller businesses and sole proprietors – do not store customer information on your website. Instead of using an eCommerce website redirect customers to a payment gateway, rather than accepting payments on your own server.

Cyber Liability Insurance Protects Businesses

Unfortunately, standard commercial property and liability insurance does not cover the loss of personally identifiable information. To address the issue, several companies now offer cyber liability policies intended to cover a data breach where customer information, such as Social Security or credit card numbers, is exposed or stolen.

The policies include a variety of expenses associated with data breaches, including notification costs, credit monitoring, crisis management, costs to defend claims by state regulators, fines, penalties and loss resulting from identity theft and business interruption.

Judith Delaney, founder and chief new media compliance strategist for CMMR Group-TurnsonPoint, a digital media compliance firm, said in an article addressing consumer concerns regarding liability, that if hackers accessed information through your company’s online systems, most likely, you would be held responsible.

She also said that everyone — businesses and consumers alike — bears the responsibility to protect sensitive information.

Tony Perez, co-founder and CEO of Sucuri, a website security technology provider,, weighing in on the liability issue, warns that small businesses running an eCommerce site must comply with the Payment Card Industry Data Security Standard (PCI DSS).

“It’s not law, but it’s a regulation that will create big problems for you if you’re compromised and found to have been the reason why credit card data was stolen,” he says.

He adds that consumers expect and demand a safe online experience when they visit your site. “They trust that when they visit your website, as a company that cares, you are doing your part,” he says. “When you’re not, and you break that trust, you not only break the trust with your brand but with users general experience with the Internet. Our impacts are larger than our little corner of the web.”

For More Information

  • The Online Trust Alliance has a comprehensive guide to understand and preparing for data breaches, available at https://otalliance.org/resources/2011DataBreachGuide.pdf.
  • The Federal Trade Commission has materials to help small businesses secure data in their care and protect their customers’ privacy, including an interactive video tutorial, at http://business.ftc.gov/privacy-and-security.
  • If your business has had a data breach, you can find important steps at the FTS https://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business
Is Your Business Prepared for an Emergency

Is Your Business Prepared for an Emergency

We’ve seen what devastating weather can do in the Gulf and Florida to people’s homes and lives and to businesses. Smart planning can help you keep your small business running if disaster strikes. You’ll want to take the right steps to prevent and prepare for an emergency, and know where to get aid if disaster strikes.

An estimated 25 percent of businesses don’t open again after a major disaster, according to the Institute for Business and Home Safety. Protect your small business by identifying the risks relevant to your location, both natural and man-made. Then, keep your plan of action updated.

Preserve your equipment and business records by referencing this IRS guide on protecting your information before an emergency strikes. The Federal Emergency Management Agency (FEMA) also offers an emergency preparedness checklist and toolkit.

Specific disaster checklists and tips

Focus on disasters that pose a realistic risk to your small business. Consult the following SBA resources to lessen the financial impact of disasters and reopen your business quickly.

Hurricanes
Winter Weather
Earthquakes
Tornadoes
Wildfires
Floods
Cyber Security

Source:  Small Business Administration

Get financial assistance after an emergency

When a disaster hits your small business, first contact FEMA to apply for financial assistance. They can provide money for housing along with other personal expenses including food, clothing and medicine.  The SBA and the U.S. Department of Agriculture provide low-interest loans for damaged and destroyed assets in a declared disaster. These include repair and replacement costs for real estate, personal property, machinery, equipment, inventory, and business assets.

Disaster cleanup

Take precautions to avoid injury or illness occurring in the cleanup process following a disaster. The wide range of hazards range from downed power lines and contaminated waters to hidden molds and toxins. If an emergency is affecting your community, connect with them first to check what type of local assistance is available.

The Occupational Safety and Health Administration (OSHA) published cleanup tips specifically for hazards during natural disaster recoveries.

If you encounter hazardous material spills or discharges, call the National Response Center.  The Environmental Protection Agency (EPA) outlines reporting for spills and environmental violations.

More assistance

For more emergency preparedness advice, visit preparemybusiness.org.

For more specific information on Disaster Recovery for Small Businesses, check out my next blog.