Cybersecurity Best Practices for Business
Businesses both large and small are being targeted on a daily (hourly) basis by criminals anxious to mine whatever data they can from your hard drives, email accounts and accounting files. What steps should your business take to protect itself?
IntroductionDoes your company need to be concerned about cybersecurity? The short answer is yes. Businesses both large and small are being targeted on a daily (hourly) basis by criminals anxious to mine whatever data they can from your hard drives, email accounts and accounting files. If you have ever taken a customer payment by credit card, then you are in possession of information that is attractive to hackers.
Bray & Long has recently begun working with its clients to develop best practices for their intake and protection of third-party information. The issue is not whether your business will get hacked, but when. And from a liability perspective, you need to be just as concerned with third-party claims alleging negligent maintenance of their data as with the immediate damage caused by computer criminals who find their way into your system.
We are looking to develop a standard for our clients to follow whereby they will know what concrete steps should be taken on a routine basis to not only protect confidential data, but to defeat claims of negligence when and if cyber criminals are successful in penetrating their systems.
Next StepsPart of our effort has been to digest the many best practices white papers recently published by governmental and public interest groups addressing cybersecurity. One of the best is from the Department of Justice Cybersecurity Unit, which was published in May of 2015. If you are looking for a great place to start in terms of familiarizing yourself with the issue and scope of danger in today's digital environment, this is it.
For any questions you might have about what steps should be taken to protect yourself legally from claims involving data breaches, contact legal counsel and ask that they present a plan for your company to conduct a comprehensive legal audit which would include cybersecurity and related liability issues.