Every business, no matter its size, is a potential victim of cybercrime. This is because every business stores information that can be used or sold by cybercriminals on the dark web, like clients’ social security numbers and personal contact information. In fact, according to research by the Ponemon Institute, about 70% of small- and medium-sized businesses (SMBs) experienced a data breach in 2018.
But what’s so terrible about a data breach? It’s not so much what happens during the incident, but how the messy aftermath can affect your business. Here’s what you have to deal with if your data gets compromised.
Regulation penalties and investigations
As more businesses started using the cloud for storing and accessing information, stricter regulations and steeper fines were instituted to ensure customer data protection. Should your data be breached, you will have to answer to state and federal laws, as well as to industry-specific regulations. The Payment Card Industry (PCI) compliance regulations, for example, requires up to $100,000 per month in fines if customers’ payment information is compromised. Your business will also have to be investigated and audited, and you’ll be given even stricter compliance guidelines before being accredited again.
In 2017, New Mexico passed a Data Breach Law. It defined a breach as the “unauthorized acquisition of unencrypted data that compromises the security, confidentiality, or integrity of personal identifying information,” and it required businesses to notify affected individuals by regular or electronic mail within 45 days of becoming aware of the breach. The disclosure should contain, among other things, the description of the breach, what kind of information was compromised, and a notification informing customers of their rights pursuant to the Fair Credit Reporting Act (FCRA). And if more than a thousand residents of New Mexico need to be notified, you are also required to inform the state attorney general and major consumer credit reporting agencies. Needless to say, breach disclosure is a time-consuming and costly task.
As you may expect, some clients won’t take the news of a data breach sitting down. They may even organize and file a class-action lawsuit to make sure that you pay for your failure to protect their data. Whether you choose to go to court or to settle, the litigation process can drain your company’s funds. And depending on how persistent the plaintiffs are, lawsuits can drag on for years. To give you an idea, it took two years and $700M in settlement to resolve the 2017 Equifax data breach that compromised the data of around 150 million people. For small businesses, one lawsuit of this scale can send them into bankruptcy.
While lawsuits and investigations are ongoing, you still have a business to run. And with your priorities split multiple ways, expect your operations to suffer in the following ways:
- Depleted operating budget – Because you need to pay fines and/or a settlement, you might need to reappropriate your operating budget and make some compromises to keep your business afloat. For example, you might need to cancel projects, limit client services, opt for cheaper vendors, move to a smaller office, or lay off some employees.
- Low employee morale – Since data breaches need to be disclosed publicly, your employee’s morale can take a hit. After all, their good name can be ruined when people find out that they work for a company involved in a data breach. Low morale, in turn, can demotivate employees and cause them to perform below optimal productivity levels. Worse, they can jump ship and leave you understaffed.
- Departing customers – It only takes one data breach to destroy the professional reputation you’ve built for years. If you don’t want your business to close its doors for good, you will have to find a way to regain your customer’s trust and patronage.
“Devastating” doesn’t even begin to cover the effects of a data breach, so it’s better to prevent it rather than try to mitigate its damage. Kosh Solutions can help protect your systems to prevent your company’s sensitive data from being hacked. Contact us today to find out more.
Like This Article?of our most popular posts