Most small and mid-sized businesses think, “Security breach – that’ll never happen to me! I’m way too small for a hacker to target.” Time to think again.
This kind of thinking has led to a widespread vulnerability in the SMB market. ow that larger corporations have upgraded their defenses, cybercriminals are starting to exploit this weakness by shifting their attention downmarket.
At the same time, legislatures have developed new laws to protect customers in the event of a breach. Even small businesses are required to report any possible identification to their clients. Understanding how the law works will help you defend yourself from a data breach, as well as assess precautionary measures.
By the end of this article, you will be able to define and understand data breaches like a Georgia state legislator. Next week will discuss actions and implications.
Cybercriminals have shifted focus in the last 2 years from large corporations to SMB territory. We covered some of the recent data on security breaches previously on the blog, but new readers should be aware that mid-sized businesses now account for 31% of all cybercrime, up from 19% in 2012. Small business now represents a similarly large piece of the pie.
So yes, knowing what to do when a data breach occurs is important for everyone, particularly smaller firms.
Most states have adopted their data breach statutes from California’s initial SB 1386, so the language tends to be identical or at least very similar.
A data breach is defined as: “The unlawful and unauthorized acquisition of personal information that compromises the security, confidentiality, or integrity of personal information.” The key term is “access,” meaning that if you discover that an unauthorized person has broken into the back end of a website, and could have seen personal information, then you have a security breach on your hands.
Personal information is also important to define. Clearly, if you store usernames only, then that information alone would be worthless to a cybercriminal. Georgia and most states use the following formula to determine when personal information “compromises security.”
The identifying information must include:
First name (or first initial)
Last name
And any one of the following:
SS#
DL#
State ID#
Bank account, credit card, or debit card with any access code, PIN, or password needed to access the account
*Information is disqualified from being deemed personal when it is publicly available, as by any government agency’s public records, or by widely distributed media.
Come back next week for Part II: what actions a business must legally take in the event of a breach, and the implications of this statute.
Call our business managed IT services department directly at (404) 777-0147 or simply fill out this form and we will get in touch with you to set up a getting-to-know-you introductory phone call.
Fill in our quick form
We'll schedule an introductory phone call
We'll take the time to listen and plan the next steps
11285 Elkins Rd Suite E1, Roswell, GA 30076
Hours: Monday - Friday
8:00 am - 5:00 pm
Hours: Monday - Friday
8:00 am - 5:00 pm
If you want our team at Centerpoint IT to help you with all or any part of your business IT, cybersecurity, or telephone services, just book a call.
We are turning 15 and want to celebrate this milestone with you because without you this would not have been possible. Throughout this year look for special promotions on services and tools aimed at Making IT Simple for You so you can focus on your business.
We are turning 15 and want to celebrate this milestone with you because without you this would not have been possible. Throughout this year look for special promotions on services and tools aimed at Making IT Simple for You so you can focus on your business.
