Are you locking the front door on your company’s sensitive data, but leaving the windows open? You are if you’re not protecting your Internet-access material, requiring a business need for every device that’s open to the Internet (including employee-owned devices), or using a firewall that blocks basic ports. Hacking and malware account for 72% and 54%, respectively, of data breaches experienced by small businesses, according to a recent study conducted by Verizon.
Small to medium-sized businesses are at a disadvantage due to inadequate technology staff resources and reliance on security set up by vendors and other third parties, which can be fatal. Data breaches can wipe you out financially or ruin your company’s reputation.
Even if you have a data breach response plan in place, you could be overwhelmed by the actions your business is required to take. The U.S. has 47 state-specific data-breach notification laws in effect, and they are all different, according to channelnomics.com. If you offer services or have customers in more than one state, the compliance costs to follow each state’s legal notification requirements could be significant. Not only do the notification laws differ between states, so do the follow-up requirements, such as providing police reports and free credit reports.
It’s important to have a business identity theft protection plan that addresses these issues thoroughly. You may have to enlist the services of professionals to do the necessary work and comply with all the regulations. Your business identity theft protection plan should include:
1) Proactive Monitoring. Business identity theft defense begins and ends with continuous monitoring of your business profile, so that you can get a 360-degree look at credit and reputation statuses. Because business identity theft crimes can extend into the future, you’ll want to keep a close eye on your business using a service that sends you alerts if any suspicious activity shows up.
2) Data Breach Response Plan. A plan should be prepared within 48 hours of discovering the data breach. It should include a complete review of state and federal laws, as well as assistance with client notification letters, employee talking points and FAQs, plus the set-up of a call center to help handle customer calls.
3) Managed Remediation and Recovery. Comprehensive plans should also include research, remediation and recovery services. The best plans offer these services to compromised individuals for up to 24 months following the breach incident. Some plans offer a co-branded website for a small fee, and provide additional monitoring services during the remediation period for victims.
Call Tedford Insurance at 918-299-2345 for more information on protecting your data.