What type of information do you keep about your employees?
- Do you keep employee files?
- Do these files contain information such as social security numbers, direct deposit information, employee reports, or workplace incident reports?
- If so, what do you do to protect those files?
If your system is breached, hackers could gain access to employees’ bank accounts, steal their identity, or release potentially embarrassing information about the individual or your company. If you keep potentially sensitive information, such as credit card numbers, about your customers as well, the problems get exponentially worse. And who ends up being liable? The small business.
Small businesses need to take steps protect themselves, their employees, and their customers from data breaches. Why? Because data breaches are expensive, can decrease employee and customer enthusiasm for your business, and can lead to litigation.
Contrary to popular belief, small businesses get hacked all the time. Half of all data breaches occur at companies with less than 1,000 employees; and a third of all data breaches occur at companies with less than 250 employees. It turns out that small businesses aren’t as careful with protecting sensitive information as larger corporations (although large corporations are not all that careful either). Hackers are taking advantage.
In California, all data breaches are required to be reported to the California Attorney General. Because this is the case, we have some great information on the frequency of data breaches and what kinds of companies are affected. Per an article in the LA Times, “The big data breaches make headlines . . . . But for every high-profile case, there are dozens of threats to confidential data held by everyday enterprises: wine shops, dentist offices, colleges . . . makers of dog tags, defense electronics, sports gear,” etc. In addition, many data breaches are not the sophisticated breaking down of firewalls and downloading data from a remote location that we think of when we hear “data breach.” Many times, it is a disgruntled employee that steals proprietary information or places malicious software on an office computer, a thief who snatches a business laptop, or someone stealing plain old-fashioned paper files.
Small businesses need to make sure they are cognizant of the risks that come with keeping sensitive information about their employees and customers. Auditing what information you have, making sure any sensitive information is safe, and instituting administrative procedures that limit access to that sensitive information will go a long way toward protecting your business from harm in the future. In an upcoming blog post, we will discuss concrete, simple steps businesses can take to prepare for a data breach. If you are concerned about your personal or company liability, call us now at 855-522-5291.