Cyber crime is no longer just an issue for large corporations with flaws in their IT security. These companies have already stepped up their Cyber protection, which leaves hackers to target smaller businesses and practices that hold customer data but are often behind in their digital security.
Why you need to be protecting your data from Cyber crime
In fact, according to the Federation of Small Businesses (FSB), SMEs are now more likely than corporations to be attacked by Cyber criminals because they are seen as an easier target.
With the new General Data Protection Regulation (GDPR) coming into force in May 2018, small businesses can no longer claim ignorance or continue with poor internal processes. It is time to consider your Cyber risks and what individual data you hold, and to get up to speed with the GDPR.
Preparing your business for the GDPR
Possible fines of up to 4% of turnover, or €20m, for a serious data breach are just one incentive to take a look at your data.
There are two key elements covered by the new legislation:
- individual rights
- keeping data safe
Data security is an important part of your cyber insurance policy.
Dental, medical and veterinary practices, for example, will hold customer addresses, telephone numbers and appointment information as a minimum, as well as take and process card payment details. If you add in personal medical history, dental records and birth dates, you have a lot of sensitive customer data.
With this in mind, the Information Commissioner’s Office (ICO) has put together some useful information for businesses looking to bring their data policies in line with the new regulation.
Non-compliance has implications for your business, your customers and your Cyber insurance policy
If you have weak IT security software, or poor security practices, you are opening yourself up to a Cyber-attack. Poor practices may include staff being free to share information outside the organisation by email. Not only could this severely affect your customers, it could also damage your relationship with them.
A few data security-related implications of the GDPR that may impact smaller businesses include:
- Someone must have responsibility for data protection – you should consider if you need a designated Data Protection Officer
- Processes must be in place to keep data safe (i.e. IT system security) and to deal with data breaches
- Documentation is required of what personal information you hold, where it came from and how you process it
Protecting your data is not only important for your reputation; it is also likely that any data breaches caused by a lack of safeguards or by non-compliant processes will not be covered by your Cyber insurance.
Cyber insurance should be part of your data protection plan
If your company or practice is complying with data protection rules and has robust processes in place to keep personal information safe, you might not be liable for fines, but you might still be targeted by hackers.
In these instances, your only protection is Cyber insurance.
While the GDPR law changes are relatively new, getting to know them and understanding their impact on your business will likely be a slow process.
Discussing with your broker what data you keep and what procedures you have in place to prevent Cyber-attacks will enable them to help you find the right Cyber insurance policy.