Your Liability in the Digital Age
Updated 2/20/2020
Doing business today presents a different set of challenges and considerations than it did 50 years ago. We not only have more data now, but the ways we collect and manage it come with a variety of risks. We’ve got to worry about storage, access, and protection, to name a few. That said, the team at Infinity is proud to present a panel of experts to break down the less-considered aspects of liability in the digital age and provide recommendations to safeguard your business.
On Wednesday, February 19th, Infinity, Inc. will host a networking breakfast and panel discussion on Cyber Liability and Business Risk at the Charles Morris Center. The event is open to business owners and IT professionals.
Liability Panelists
The panel consists of industry experts Cindy Robinett, Sterling Seacrest Partners; Nicole Pope, HunterMaclean; (moderator Chuck Brown, Infinity, Inc.); John McBride, Green Cloud Technologies; and Matt Scully, Datto.
Takeaways
The panelists shared a lot of great information on how to uncover, manage, and mitigate your liability. There were too many great points to include them all, but here are a few. We recommend printing this list and sharing it with your leadership team. You can cross off the items you’re all clear on, and work together to resolve the rest so your business is better prepared and protected.
- SMBs are being targeted by cyber attacks; it’s not just the big guys. Why? SMBs are usually easier to get into, which means less time and effort required by the cyber criminals, which makes them more money, faster. This is big business for them.
- Find out exactly what your insurance covers. Don’t just guess or assume. Speak with an insurance provider who can customize policies to suit your particular risk exposure.
- Note the difference between Effective Dates and Retroactive Dates on your policies. This is especially important because the origin of a breach can go back months before anything was noticed.
- Understand all the various costs that can be associated with a breach, such as forensic investigators, privacy counsel for federal and state laws, communication expenses to notify those impacted, ransom fees, regulatory fines, downtime, etc. And make sure you know if there are certain authorized vendors you need to use in the event of a breach in order to have your claim approved.
- Get a security firm to perform a risk assessment of your company. Or use this step-by-step guide as a starting point. Keep in mind that this should not be a strictly digital exercise. You may find that your company’s biggest risk is someone in an air conditioning uniform being allowed to walk right into the building and be left with unsupervised access to workstations or server rooms.
- Take a fresh look at your disaster recovery plan. Use the risk assessment to create (or update) it, and then run drills. Don’t just leave your plan on paper and find out, after you’ve been locked out of your system, that there are no printed copies (or run into any similar gap that would prove you never tested the plan).
- Consider sending a security questionnaire to your vendors so you know how they handle various data and situations. Ask them if they have ever been under investigation for regulatory issues.
- Make sure you know the reporting deadlines for any compliance regulations that apply to your business. Some can be as short as 72 hours to notify.
- If your website does not have a privacy policy on it yet, add one. And be careful not to simply pull a free template off the internet. You want a policy that speaks to the kinds of data you actually collect and how you use it. Facebook and Google both collect massive amounts of data, but you can be certain they don’t handle everything the same.
- CCPA and GDPR are relevant to us even here in Georgia. These regulations, passed in California and Europe respectively, do not just apply to businesses operating in those areas. They can apply to anyone doing business with residents of those areas. So if you sell your products or services to anyone in California or Europe, your business needs to comply with their data privacy terms or be prepared to face some hefty noncompliance fines.
The panelists shared so many illuminating (and entertaining) stories throughout this discussion. We heard about the Atlanta ransomware attack asking for $51,000 in bitcoin that has resulted in downtime costs totaling just under 52 million dollars…a company that was breached and handled it according to their plan and policies and was shocked to find their multi-million-dollar insurance claim denied because they didn’t realize they had to choose vendors from an authorized list…plus lawsuits that can crop up after you think a breach has finally been dealt with…and the user error that makes ordering a simple rare hamburger come out differently everywhere you go.
It can seem overwhelming to try and think of all the things you don’t know. So don’t try to handle everything yourself. Reach out to your business partners and trusted advisers. Invest in proper planning so you aren’t scrambling when events happen beyond your control.
Related Resources
A couple of related resources that you might find helpful:
- Allianz Risk Barometer – an annual survey report of the top global business risks, identifying the top corporate risks for the next 12 months and beyond, based on the insight of more than 2,700 risk management experts from 102 countries and territories.
- NetDiligence Mini Data Breach Cost Calculator – a tool you can use to estimate the costs your business might face in the event of a breach.
And of course, if Infinity can help answer questions or get you in touch with any of our expert panelists, please give us a call or send an email. The digital world connects all of us, so the better informed and protected we can each be, the better off we will all be.