Society’s concern with data and privacy (or the lack thereof) has been brought to the forefront due to the FBI-Apple controversy. In short, the FBI wants Apple’s help breaking into an iPhone that belonged to one of the attackers in the December mass shooting in San Bernardino, Calif. Apple is refusing to comply, since it would essentially be hacking its own products.
In a separate case involving Apple, a judge recently ruled that the U.S. government could not use the All Writs Act of 1789 to force Apple to produce data connected to an iPhone seized in connection with a drug case. The All Writs Act is also at the center of Apple’s fight with the FBI over the iPhone.
We can debate the merits of both sides of these cases, but that’s not the focus of this article. The crux of the issue, as it relates to owners of businesses small or large, is the importance of safeguarding data.
The letter of the law
The topic of securing data can be overwhelming. A good place for businesses to start is the Federal Trade Commission. It has an entire section devoted to data security that covers everything from passwords to copiers to mobile apps.
Privacy goes hand in hand with protecting consumer data. The Small Business Administration (SBA) provides a wealth of information on privacy, including articles and links to government sites.
Businesses not only have an ethical/moral obligation to protect consumer information, they are legally obligated to do so. The American Bar Association gives a great overview of safeguarding confidential information. This article also distinguishes differences among various state laws.
Cybersecurity a serious matter
Internet hackers pose a credible threat to businesses and to their customers. In addition to exposing individuals to possible identity theft, security breaches also expose companies to negative PR. Companies often offer affected customers a free year of security monitoring, but that can’t undo the damage already done. Once a company has violated a customer’s trust — either directly or indirectly — it is difficult to restore that trust.
The actual cost to a company also can be quite real. Last holiday season, Target reported the theft of 40 million credit card accounts affecting 70 million customers. Target not only spent $240 million to replace customers’ cards, but sales and the company’s stock price took a major hit from the resulting public fallout.
Businesses aren’t the only institutions susceptible to security breaches. Colleges, too, have been victims of cyber attacks. The University of Central Florida announced earlier this year that the Social Security numbers of 63,000 individuals were compromised in a hacking incident. Two former students have filed a civil suit against the university in response, which illustrates another cost that companies face in the wake of such breaches: related attorney and court fees.
How can you prevent your business and customers from being victimized? Start with these tips on cybersecurity from the Federal Communications Commission (FTC). The SBA also provides many resources on online business law.
Want more information? Go to OnGuardOnline.gov, the federal government’s website to help businesses operate safely, securely and responsibly online.
The FTC manages the site, in partnership with the other federal agencies. OnGuardOnline.gov is a partner in the Stop Think Connect campaign, led by the Department of Homeland Security, and part of the National Initiative for Cybersecurity Education, led by the National Institute of Standards and Technology.
Resources for small businesses
Other online tools will let you know if your website is vulnerable to attacks and even provide firewall protection:
- Qualys FreeScan provides 10 unique security scans of Internet-accessible assets on a business network and recommends patches to correct vulnerabilities.
- CloudFare offers a basic plan that’s free; it includes secure socket layer (SSL), the standard security technology for establishing an encrypted link between a web server and a browser.
- Cloud-based Tripwire SecureScan provides free vulnerability scanning for up to 100 Internet protocol (IP) addresses on an internal network.
When it comes to online security, business owners can’t stick their head in the proverbial sand. If they do so, it’s likely to become quicksand. Businesses must be proactive, protecting customer data — and their own reputations.
Darcy Grabenstein began her career as an editor at The Orlando Sentinel and still gets an adrenaline rush from deadline pressure. She “defected” to advertising, ending up in suburban Philly where she wrote for Nabisco, M&M/Mars, Johnson & Johnson, Warner Lambert, and more. It’s also where she learned what an ice scraper was. Her passion is PR, and she holds professional accreditation from the Public Relations Society of America and the International Association of Business Communicators. While she will never acquire a taste for scrapple, and still calls a hoagie a sub, she does enjoy a good cheesesteak.