Understanding the Liability Risk of SMB Cyberattacks

Jeff Dotzler
Author: Jeff Dotzler Date: 09/19/2017

The recently disclosed Equifax cybersecurity breach is just another in a long list of epic cyberattacks. Equifax is a powerhouse in the financing industry and helps determine an individual’s all-important credit score. Determining that score requires access to highly confidential personal data including Social Security numbers, birth dates, addresses, credit card information and even driver's license numbers.

As many as 143 million people in the U.S. had this type of personal information compromised in the Equifax cyberattack alone, meaning the hackers likely have enough information to create new accounts in those people’s names.

While the company is taking measures to protect its customers going forward and providing a free year of credit monitoring, Equifax is still suffering a significant financial blow with its value dropping a staggering $4 billion so far. While the company’s insurer will help mitigate some of its losses — with many more likely to come from class action lawsuits — most experts agree its insurance policy is inadequate to cover the costs. What’s hard to attach a dollar figure to is its tarnished reputation and the costs associated with regaining trust in the marketplace.

Is My SMB at Risk of a Data Breach?

Many small and medium-size business (SMB) owners will often suggest that they’re at lesser risk than many of the behemoth companies. “Why would a hacker want to target my small company when there’s bigger, more valuable data out there?”

Truth is, nearly half (43%) of all cyberattacks target small businesses. Why? Most hackers have full knowledge that most SMBs have inadequate data security measures in place. Limited resources and access to knowledgeable IT personnel often make smaller companies an ideal target. In short, SMBs are easy pickings.

Are Companies Liable for Security Breaches?

When a customer entrusts your company with his or her personal information, the company is responsible for any failure to maintain confidentiality of that data. Not only that, but your company would also be liable if a vendor that handles the data suffers a breach. You’ll be required to take on the expenses of customer notifications as required by law, governmental investigations, penalties and any legal action taken by those affected. 

When choosing vendors that may have access to your customer information, be sure to assess the ability of each to handle sensitive data, and insist on a data security policy, response plan and disaster recovery plan. 

Companies should also consider purchasing cyber security liability insurance. If a leak does occur, it can help with recovery costs and keep your business running. Some insurers even have resources and risk managers that can provide training and help mitigate the risks.

What Can My SMB Do to Prevent a Cyberattack?

As many as 50% of small businesses reported experiencing a data breach involving customer or employee data in the last year. It emphasizes the importance of recognizing potential risk factors that make your company vulnerable. Some fixes are simpler than others, such as making sure passwords and Wi-Fi networks are secure. Others require a more robust approach that requires deeper technological expertise, including data encryption, software patches, upgrades and firewalls. Enlisting the help of a Managed IT provider is a critical tool in addressing security concerns, and it can help position your company with the most effective solutions possible.

Even with the latest technology, however, employees who mistakenly click on suspicious email links or accidentally expose data are the #1 access point for hackers. Cybercriminals find it much easier to hack an employee than technology. The first step in ensuring your data stays secure is providing training for employees, yet statistics show that one-quarter of all U.S. employees received no cybersecurity training whatsoever in the past year, and only 45% spent 30 minutes or less on training, according to a Willis Towers Watson’s Cyber Pulse Survey.

Have you provided training for your employees? We’ve developed a helpful infographic that provides important tips for safeguarding your data. Be sure to click the graphic below to get your free copy and share it with employees. And reach out to us for a free, no-obligation consultation to assess your needs and help protect your business from the increasing threat of cybercrime.

Cybersecurity Tips For Employees

Leave a Comment

Written by Jeff Dotzler

Jeff has been with the Gordon Flesch Company for nearly 20 years, starting as a Sales Representative and working his way up to where he serves now as Director of our GFConsulting Group. He oversees a team that precisely aligns strategy and technology to help move customers’ businesses forward.

Need More Information?

We’re ready – and eager – to help you solve your technology challenges.