Got Effective Cybersecurity Practices? Be Aware: The FTC Is Watching You. Data breaches can happen to any business -- not just those with big names. Claiming "I didn't know" won't suffice when this happens to you.

By Adam Levy

Opinions expressed by Entrepreneur contributors are their own.

Shutterstock

Following a July ruling against medical testing laboratory LabMD (which is now out of business), the Federal Trade Commission has emerged as a central regulator of cybersecurity practices for U.S. businesses. The FTC's mandate to act on "unfair or deceptive" business practices that could harm consumers is being interpreted in a way that means any business that handles (and might potentially mishandle) consumer data is liable to fall under the organization's scrutiny.

That's almost every business today.

Related: 5 Cybersecurity Tools Your Company Should Have

Some background: The Commission reversed an administrative law judge's ruling and found that LabMD, a clinical laboratory for physicians, failed to protect the sensitive personal and medical information of consumers. From 2001 to 2014, LabMD collected this information for over 750,000 patients.

Based on the LabMD ruling, which cited a lack of "even basic precautions to protect the sensitive consumer information maintained on its computer system," it appears that actual harm from a data breach doesn't necessarily need to be proven if the potential for harm exists.

The ruling sends a clear and sobering signal to business owners: You must make significant, demonstrable efforts to protect yourself from data breaches or face the consequences.

Related: Court Rules FTC Can Come After Your Company After a Cyber Attack

A glimpse of what's to come

"LabMD's security practices were unreasonable, lacking even basic precautions to protect the sensitive consumer information maintained on its computer system," the FTC ruled. "Among other things, it failed to use an intrusion detection system or file integrity monitoring; neglected to monitor traffic coming across its firewalls; provided essentially no data security training to its employees; and never deleted any of the consumer data it had collected."

For small business owners who have a seemingly endless list of concerns to address, making time to focus on data security best practices is sometimes difficult to justify. But it has to be done: The FTC and other government entities are only going to sharpen their focus on data security and consumer privacy in the coming years. Data integrity must become a core aspect of doing business (rather than a minor detail that can be overlooked).

With this in mind, small business owners should be aware of a few common misconceptions surrounding data security, as well as the best practices they should rely on to address them:

Misconception No. 1: Data security is a "big business' problem.

A surprising number of small business owners look at data security as something they don't need to worry about. You'll hear owners say, "Nobody is interested in the data we have. We're not Sony or a government agency."

But the truth is that cybercriminals are most certainly interested in your data, and according to Fox Business, 43 percent of worldwide attacks in 2015 were against small businesses with fewer than 250 employees.

On top of that, the prevalence of ransomware attacks means that it no longer matters if your data is important to other people. If it's important to you -- the owner -- hackers can take it and force you to pay large sums of money to get it back.

As a small business owner, you must consider it critical to have a managed-data backup system in place. This won't prevent attacks, but it can significantly mitigate harm to your business if one does occur, especially in the case of a ransomware attack.

Misconception No. 2: One solution for all threats

Small business owners are especially susceptible to believing that a single solution will defend against all possible threats. Security is better viewed as a managed process.

Related: 10 Data-Security Measures You Can't Do Without

Simply having some legacy IT solutions in place shouldn't let you develop a false sense of security and avoid asking important questions, including: Are we addressing vulnerabilities through security patching? Are we getting regular reports of that activity so that, in the event of a breach, it's documented and we can respond effectively to an audit? Is our firewall being actively managed?

You need to have a managed security system in place, one that includes regular reports on security measures, potential threats and updates. If you need more information, conduct some research on third-party managed security service providers, which can offer on-premise and remote solutions depending on your needs.

Misconception No. 3: Cybersecurity training is for the IT guys.

Data security isn't just IT's responsibility -- it needs to be a priority for all employees. Your entire network can be compromised if, for instance, just one employee falls victim to a phishing email.

The threat landscape is constantly changing. Implementing an employee-training program and being able to demonstrate that security should be a priority for all employees and is becoming increasingly important. Invest in regular training sessions and implement policies to reinforce the information shared.

Misconception No. 4: The price isn't right.

Small business owners often look at security solutions and say, "That sounds expensive." In reality, the cost of these services is far from prohibitive, and the services can scale as businesses and their needs grow.

What's more, forgoing security solutions means you risk the much higher price tag that accompanies a breach. Reports from Kaspersky Lab indicate that small businesses spend an average $38,000 recovering from just one data breach.

Before making an investment, then, conduct a thorough assessment of your current security measures. A security audit will give you a good idea of where you stand and make you aware of any serious vulnerability.

Related: 4 Strategies Small Businesses Can Use To Avoid a Data Breach

Like any unfortunate event, data breaches can happen to any business -- not just those with big names. The FTC ruling in LabMD demonstrates how the government is placing more and more liability responsibility on business owners to protect their client data.

If yours is a small business, just claiming "I didn't know" will no longer suffice when a data breach does occur. No matter what the size or industry of your business, make data security a top priority.

Wavy Line
Adam Levy

CEO, Magnet Solutions Group

Adam Levy is the founder of Magnet Solutions Group, an IT and web development company, and LoTops, a CRM and management application for small businesses in any industry. He tweets regularly on business technology at @Adam__Levy.

 

 

Editor's Pick

A Leader's Most Powerful Tool Is Executive Capital. Here's What It Is — and How to Earn It.
Lock
One Man's Casual Side Hustle Became an International Phenomenon — And It's on Track to See $15 Million in Revenue This Year
Lock
3 Reasons to Keep Posting on LinkedIn, Even If Nobody Is Engaging With You
Why a Strong Chief Financial Officer Is Crucial for Your Franchise — and What to Look for When Hiring One

Related Topics

Business News

'Just Say You Are Going Broke': Starbucks Slammed For Price Increase On Popular Item

The chain will start charging $1 extra for customization on its popular Refresher beverages.

Business News

The Virgin Islands Want to Serve Elon Musk a Subpoena, But They Can't Find Him

Government officials would like to talk to Tesla's owner as part of an investigation into the Jeffrey Epstein case.

Growing a Business

My Startup Scored a Multimillion-Dollar Contract With a Fortune 100 Client in Just 3 Years. Here's What We Learned.

There's no perfect litmus test to gauge if you're ready to go after big business or not — but if you don't take the risk, you'll never realize the reward.

Marketing

5 Questions to Ask a PR Pro Before Hiring Them

You probably haven't considered asking these questions, but they're a great way to find the right PR firm for your business.

Growing a Business

The Inevitable Challenges You'll Face as Your Business Grows — and How to Handle Them

There's going to be some discomfort as your business expands, but it doesn't have to stop you from achieving massive success.

Marketing

This Location-Based Marketing Technique Is the Key to Boosting Retail Sales

Let's take an in-depth look at geofencing marketing and how it's helping retail locations drive foot traffic and boost sales.