Operating in the Cloud: Why Small Businesses Must Address Cybersecurity Risks
Digital information is embedded in the operation of today’s businesses. Simple e-mails or text messages exchanged between employees, employers and employees, or between a business and its customers or vendors are clear indications that a business has delved into the digital age. Even equipment and machines commonly used by businesses, such as copiers or scanners, are often embedded with software that requires maintenance and updates from third parties that take place through the internet. As a result, routine business practices, such as accepting a credit card or any financial, bank, or tax information from a customer, come with sizeable cybersecurity implications. These implications influence the company’s communications, transactions, intellectual property rights, computer servers, and anything “in the cloud.”
No one doubts that working with new technology has simplified how businesses operate. Business owners may even think that information transmitted to third parties and stored on the business’ servers as a result of its operations is secure and cannot be accessed by third parties. However, this is a dangerous assumption to make. Despite firewalls and other types of security, security breaches still occur and business disruptions result. Information may be lost or stolen and, worse, customers may disappear as a result. Moreover, the business may not even know the security breach occurred. Though the original data is there, a cyber-attack may have occurred without the business being aware of the attack until a much later time.
The threat of cyber theft and piracy was highlighted by President Obama when he issued an Executive Order on February 12, 2013. The President recognized that the problem of cyber- attacks, information theft, and data breaches are not only a concern of national security but also threaten the economic security of businesses in the United States. As a result, the Executive Order requires Homeland Security and other agencies to address and provide cybersecurity guidelines for businesses.
Data breaches are not solely a concern for the “Targets” of the world. Cyber-attacks and security are issues that every business, large or small, must address in order to avoid the potential risks and liabilities of operating in the digital world. As a result, every business should address: (1) how to protect the information from a cyber-attack or at least make it less likely that the data will be interrupted by the data breach; (2) what to do if there is a data breach; (3) whether the business is insured against the risk; (4) what the business would do if it finds itself subject to government actions, fines and penalties or liability to its customers; (5) whether a data breach would interrupt the business operation and damage the business’ finances or reputation; and, (6) what the ramifications are to the business and its customers if data is intercepted or otherwise absconded.
Cybersecurity is another risk mitigation issue that all businesses, for-profit and not-for-profit, need to address over the coming weeks. In order to aid in this process, Meyers Roman will provide a series of articles that address many of the data breach risk limitation issues and solutions, what steps need to be addressed if information is stolen, and how to address the litigation, government actions, and investigations that may arise from a data breach or cyber-attack.
For more information, please contact Peter Brosse at firstname.lastname@example.org, 216-831-0042, ext. 144, or Isaac Figueras at email@example.com, 216-831-0042, ext. 188, or your Meyers Roman attorney.