Three Steps New York and New Jersey Businesses Can Take to Protect Themselves from Cybersecurity Breaches

Viruses.jpgBusinesses must maintain constant vigilance against the threat of hackers, who can compromise not only a business’ own sensitive information, but that of its customers. Several high-profile cybersecurity breaches, such as the incidents at Target and eBay that gave hackers access to millions of consumers’ personal data, have brought significant attention to this issue. Business owners and entrepreneurs must take care to protect their own sensitive information, such as financial data and trade secrets, for the sake of their business’ survival. They must also have measures in place to safeguard customers’ personal information. Here are three principles business owners should consider.

1. Avoid Unfamiliar E-Mail Attachments (and Almost Anything Else Unfamiliar on the Internet)

Benjamin Franklin once wrote that “a small leak will sink a great ship.” He did not have cybersecurity in mind, but his words are relevant to how businesses should organize and manage their computer networks. Hackers are adept at exploiting weaknesses, and they are finding ever-more obscure ways to access business networks. According to the New York Times, the hackers who breached Target’s payment systems, allowing them to obtain millions of credit card numbers, got in through the heating and cooling system. Almost any networked system, including printers and vending machines, can be a point of entry for hackers who are clever enough.

Many hackers, though, still prefer to use relatively old-fashioned methods, such as email attachments and spyware. Unfamiliar email attachments may carry malicious computer code that can spread from one computer, or even a smartphone, to an entire network. Unfamiliar websites can infect computers with spyware. Companies should train employees about cybersecurity and, when practical, restrict access to unnecessary or unfamiliar parts of the internet.

2. Dispose of Old Computers, Hard Drives, and Flash Drives Safely

Some cybersecurity breaches occur the truly old-fashioned way: by directly accessing hard drives and other physical media. This could include old drives that were not erased before disposal, or even theft of computers or external drives. A class action lawsuit against Starbucks accused the company of negligence after the theft of a laptop computer compromised the personal information of 97,000 employees. While a court dismissed the lawsuit, holding that the plaintiffs had failed to assert a specific harm suffered by the theft, the case demonstrated the potential liability for data breaches. Krottner v. Starbucks Corp., 628 F.3d 1139 (9th Cir. 2010).

3. Have a Privacy Policy, and Communicate It to Your Customers

Savvy consumers understand the risks of entrusting their personal information to businesses, and therefore want to know what a business is doing to protect them. This includes knowing whether a business will share any information with third parties, as well as what information and for what purpose. Companies should institute policies regarding how and when to access customers’ personal information, procedures to safeguard that information from improper use or theft, and a written statement communicating these terms to customers. Once such policies and procedures have been implemented and publicized, companies must ensure that they follow them.

Small business lawyer Samuel C. Berger represents entrepreneurs and businesses in New York and New Jersey. We offer fixed-fee legal-service packages covering a wide range of legal needs, such as business formation, mergers and acquisitions, and contracts. To schedule a confidential consultation with a knowledgeable and experienced business law advocate, please contact us today online or at (212) 380-8117.

More Blog Posts:

After Hackers Hit Another Major Internet Company, New York and New Jersey Businesses Need to Be Aware of Cybersecurity Risks, New York & New Jersey Business Lawyer Blog, May 26, 2014
Protecting Your New York Company’s Brand from Online Counterfeiters, New York & New Jersey Business Lawyer Blog, January 30, 2014
After Employer Accesses Employee’s Facebook Posts, New Jersey Court Allows Invasion of Privacy Claim to Proceed, New York & New Jersey Business Lawyer Blog, August 16, 2012
Photo credit: By Berishafjolla (Own work) [CC-BY-SA-3.0], via Wikimedia Commons.