It is becoming commonplace to hear of big companies experiencing massive data breaches. However, beneath the surface remains a much larger issue affecting businesses of all sizes. Cybercrime can happen to anybody.
There are many small business owners that are operating under the belief that hacking only happens to large companies with big pockets. This type of complacency makes small businesses even more vulnerable, as cybercriminals often see them as an easy target.
Storing personal data is widespread. Irrespective of size, the majority of businesses hold personal data and creating a virus to attack a number of businesses at once is not much of a challenge to a sophisticated cybercriminal. Small businesses tend to use less sophisticated digital systems than larger companies, that usually have dedicated IT teams. Data loss can also take many forms, including data breaches, malicious software and lost or misplaced devices that contain sensitive information.
Modern-day consumers are very cautious about providing their personal information to businesses, as they are becoming more and more aware of the nature of data loss and the impact that this can have on them.
According to the Government’s Cyber Security Breaches Survey 2018, 43% of businesses in the UK had a cybersecurity issue in the previous 12 months. Yet, less than a third of businesses have a proper cybersecurity policy.
Backing-up data to encrypted Cloud servers is advisable for data management. However, it is not a complete solution. If your business uses various devices and software then data can be lost or hacked. Cybercriminals keep pace with firewalls and other preventative measures you may have in place.
Data laws cover the loss of personal information but there is a common misconception about what “personal data” actually is. If your business stores email addresses or other personal data such as staff names and numbers or lists of suppliers on any digital software, including mobile phones, then you become vulnerable to data privacy and security risks.
This information does not need to be stored for any substantial amount of time. From the very moment that a customer provides this personal information to your business, no matter how temporary it may be, it remains vulnerable.
WannaCry was a cyberattack that infected over 230,000 computers in over 150 countries in 2017. It affected companies and services including the NHS in the UK, Telefónica in Spain, FedEx and more. It worked by spreading across local networks, encrypting the data on the machine and demanding a ransom in return for the decrypted data.
Perhaps rather surprisingly, as of yet, no one has invented a complete solution to data breaches. Without proper protection, there is a risk to businesses in the UK of punitive fines inflicted under the General Data Protection Regulation.
All business owners need to take control of the situation and minimise the potential damage caused by cyber-attacks and other data loss by considering cyber liability insurance. A professional indemnity insurance policy can also help by providing the insured with protection against legal defence costs and compensation fees to claimants. Do not leave it to chance or hope that you can make a claim on general business cover.
As a business owner, the right insurance policy will go a long way to helping you to respond to any data loss or breaches quickly and successfully.