Cybersecurity Alert – 3 Simple Steps to Protect Your Business from Cybersecurity Losses
October 21, 2014
Does your business accept credit card payments from customers? Does it purchase products or services from vendors or suppliers? If the answer is “yes” to either of these questions, read on.
Virtually every business that uses a computer with internet access has already been hacked. Fortunately, most businesses have yet to experience the type of cybersecurity breach that could cause it to shut down operations, permanently. And, like the next terrorist attack on U.S. soil, it is not a matter of “if” it will happen, but “when” will it happen. So, what can your business do to mitigate the risks and ramifications of a data breach when it does happen? Start with these 3 simple steps…
- If your business accepts credit card payments from customers, make sure your business meets the Payment Card Industry Data Security Standard (PCI DSS). There are 12 requirements for a business to be compliant with the PCI DSS, all of which can best be accomplished by an IT consultant working closely with an experienced information and data security attorney.
- Have an experienced contracts attorney (a cybersecurity law practitioner is a big plus!) carefully review all of your business contracts, particularly merchant account agreements with banks and credit card processors, service agreements with third party service providers, and supply contracts with vendors and others in the supply chain of your business operations. The contracts must be updated to include cybersecurity-related loss indemnification provisions, data loss and data breach clauses and internet security protocols and requirements. Surprisingly, less than 50% of all business contracts contain such cybersecurity risk mitigation provisions and protections today. Target, Home Depot and Dell all suffered cybersecurity losses due to inadequate contract protections and protocols with vendors in their respective supply chains. A few thousand dollars spent now on a contract review and audit by a qualified attorney could potentially save your business tens of thousands of dollars in cybersecurity losses and damages later.
- Call your insurance agent and obtain cybersecurity, internet and data loss insurance coverage for your business, all of which are necessary to insure against losses and damages resulting from data breaches and cybersecurity attacks. NOTE: most insurance policies in effect today (such as those providing general liability, property and casualty, and errors and omissions coverages) DO NOT cover losses resulting from data breaches and cybersecurity attacks. While the premiums payable for such additional insurance coverage can be costly, the premiums pale in comparison to the potential liability. However, discounts are available for businesses which can demonstrate that they are PCI DSS compliant and have updated their business contracts to include cybersecurity risk mitigation provisions and protections.
The Cybersecurity Legal Practice Group at Shulman Rogers offers a privileged relationship to efficiently identify & manage security risks, properly protect your digital information, and quickly respond to cybersecurity attacks. Contact Co-Chairs – Alan Tilles 301-231-0930 or Matt Bergman 301-255-0529 – for more information.