Small businesses often fail to take the time to make business continuity plans. One aspect of a business continuity plan involves developing plans to handle the loss of physical infrastructure and hardware. Unfortunately, smaller and younger firms often fail to address these issues because they lack the necessary capital to invest in additional or supplemental equipment. Redundant servers, battery back systems or uninterruptible power supplies, and data backup systems that allow for offsite backup storage are the most obvious examples.
These can represent considerable capex for a small firm. However, these costs need to be weighed against the costs that would be incurred if a severe business interruption occurred. Encouragingly, new technology is creating tools for redundancy and data protection that don’t require additional hardware investments. The cloud is probably the single biggest savior for small businesses looking to defend against business interruption events. The cloud means you can offload many of your business processes and infrastructure to the cloud and sidestep creating expensive redundancies on your own. Offsite data storage, increased efficiencies as a result of shared data center costs, SaaS, and even data collaboration tools are added cost savings that can be provided by the cloud.
So before you throw up your hands and say you cannot afford to address business continuity, take another look. The cloud can redefine the paradigm of “business continuity.”
Last blog we discussed the overall concept of “Data Protection Laws,” which govern the handling and securing of specific data. While these laws are wide ranging, most of these laws reference Personally Identifiable Information (PII) This “refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.” (https://www.gsa.gov/portal/content/104256) For example, if you possess an individual’s first initial and last name and store it with their credit card number, bank account, SSN or driver’s license number, that becomes a PII.
At the Federal level, the United States doesn’t have any overarching and comprehensive data protection laws of the sort that most European nations do, but they do exist and primarily affect individual sectors, such as healthcare. Presently 48 states in the US have some laws requiring private or governmental entities to notify anyone whose data has been breached. In other words, if you possess personal data, you may have a regulatory responsibility to report the breach to both a government entity and the individual victim. Failure to do so may mean you’re in violation of these laws and subject to fines and penalties.
So what does this mean for a small business? You need to be aware of the likelihood that you are regulated by such laws and that you have some responsibility to show that you have taken reasonable measures and put in place procedures to maintain the security and integrity of outside data.
As a responsible business owner, you have an obligation to be aware of any applicable laws, keeping in mind that your client or prospect data may include PII from those in other states or countries. You also have an obligation to protect that data. Keeping up with the best practices for protecting your important data from hackers and data thieves is an important responsibility of every small business. Contact Net DirXions to learn how we can support your business with a complete cyber protection plan.
This blog introduces a new topic that many may be unaware of: Data Protection laws. These are laws that define fully, or in part, what type of data is covered by government regulations, proscribe general standards for the securing of covered data, and may also require notification of victims and governmental authorities in the event of a breach. Small businesses, no matter what product or service they provide, are likely subject to some manner of regulations regarding the storage and use of digital data. For instance, any medical office or organization that handles medical records is subject to HIPAA, the federal law regarding health data privacy. Meeting IT regulations can be expensive and time consuming and they also require timely upgrades. Failure to stay up to date can lead to fines, penalties, and a damaged reputation.
Chances are, you are subject to some data protection or data security laws. You are also very likely to be subject to breach notification laws. As a small business you should consider having an audit conducted to determine if you possess data that may be regulated by these laws. Failure to be aware that you are covered by them does not protect you in the event of a data breach.
In our next blog, we will discuss one category of information that is the focus of many data protection laws. This category is referred to as Personally Identifiable Information. When you discover what that includes, it will be pretty apparent why protecting this data is important for the integrity and success of your business.