When cybercriminals struck some of the biggest of the big box retailers last year, news of the data breaches was hard to miss. Maybe it was all those zeroes: millions of credit card numbers compromised. Tens of millions of customers affected. Billions of dollars in estimated damages.
And hackers aren’t just going after the mega-retailers. Data breaches are on the rise for businesses large and small, from huge tech firms to neighborhood shops. According to the Identity Theft Resource Center, the number of data breaches in 2015 is on pace to exceed the total for 2014. Scan the list of victims: You’ll find family-run businesses and small private practices alongside nationally known names.
Regardless of your business’s size, you’re legally obligated to protect any customer, client or patient information on your servers. If you fail to do so, be aware of the consequences: recent class-action lawsuits filed on behalf of thousands of affected customers have resulted in multimillion-dollar settlements.
Consider a new law in Delaware that gives individual consumers the right to file a civil lawsuit against a company if it doesn’t take reasonable steps to shred documents containing personal data. Think about that the next time you feel you don’t have time to properly dispose of expired records.
Learn From the Big Guys’ Mistakes
Protecting your company from a data breach requires a multipronged strategy. A trusted vendor can help you manage your electronic and paper data in the safest and most efficient manner possible and develop a plan of action for your business in case a cyberattack does occur.
Here are five ways you can help prevent a data breach—along with a few recent horror stories that made headlines:
- Vet your vendor. A large hospital hired a shredding service to dispose of thousands of patient records. However, many of the records were found, unshredded, in three separate locations—including a public park. Though the hospital promptly found another vendor, the damage was done. Lesson: Ask prospective vendors for references, and confirm that they provide an audited chain of custody.
- Establish a firm set of security best practices. Last spring, the IRS revealed that an employee working at home plugged a thumb drive full of confidential information into an “unsecure network,” potentially exposing the personal information of 20,000 fellow workers. Train your staff early and often about security issues to prevent a similar nightmare.
- Establish a secure, offsite records archive. While many headline-grabbing data breaches have been deliberate hacks, just as many stem from innocent employee error. A trusted records management partner that conducts employee background checks and regular training will help prevent those sorts of information breaches.
- Perform regular and comprehensive backups. Cyberattacks and human error aren’t the only ways to lose confidential data. Recent breaches have involved data that wasn’t backed up, as well as archived files that were apparently mishandled or lost. Work with a reliable partner that can help you back up your data automatically and continuously, and keep it safe and ready to access even in an emergency.
- Notify potentially affected customers ASAP following a data breach. One big box retailer waited more than a month to notify its customers after a data breach—long after most of them had already read about it in the news. Telling your customers quickly will help you stay compliant with state notification laws, not to mention protect your reputation at a highly critical time.
If these and even more current tales of data breaches have you horrified, take steps now to protect your clients’ personal information. Doing so will help safeguard your company’s reputation—and keep your business from becoming the next cautionary tale.