Identity Theft Through A Business Security Breach Can Be Avoided!

by Compliance Solutions on May 20, 2009

Over 75% of reported security breaches that resulted in the potential loss of personal information by businesses in 2008 were due to the mishandling of unprotected personal data. If you own or run a small business that collects personal information such as a name, along with a social security number, credit card information or date of birth, you need to take steps now to protect this information, not to mention your business.

The Massachusetts Department of Consumer Affairs reported last year that, of the 318 notifications of security breaches that resulted in the potential theft of personal information, 75% involved unprotected data that was either being stored or transported improperly, 22% involved password-protected data and 3% involved encrypted data. It seems pretty clear that if you take a few simple and cost-effective steps to protect your information through proper password policies and data encryption, your chances of a security breach and loss of data drop dramatically. Doing nothing puts you and your business at risk.

Is Your Small Business At Risk Of Breach?

Another telling statistic is that over 75% of the security breaches came from the financial services business sector (banks, mortgage companies, credit card processing), but that does not mean that other businesses should be complacent in their security efforts. Every business (big or small) needs to take steps to protect itself against both internal and external threats that could result in the loss of personal data.

Third-Party Services Providers

There have been a lot of high-profile data losses over the last couple of years, and many of them have involved third-party providers of credit card or other financial services. You need to be aware that if you collect personal information and share it with a credit card processing company, a supplier, or any other third-party support provider, you are still potentially liable if that data is compromised and your business took no steps, before sharing that information, to ensure that your third-party provider was compliant with all current data security laws and regulations.

That is a potentially hard pill to swallow for a small business owner who uses an online card processing company to facilitate transactions. We assume that they are protecting the data and are well aware of the laws (and most are); that is why we use them and pay fees to handle the processing. But you need to protect yourself: ask the question, and ask for compliance documentation. Doing so not only helps you comply with new regulations that are being enacted in Massachusetts and many other states in the near future, but also protects your company against legal action if a data loss occurs.

To learn more about data security compliance solutions, upcoming new laws and tools to develop your own compliance guidelines, go to www.bizcompliancesolutions.com.

To create your own Written Information Security Plan (WISP) using templates and guidelines developed as part of the Compliance Toolkit… Click Here
