As a small-business owner, every decision you make is affected by your budget. You carefully weigh the tradeoffs before making any major purchase. With that in mind, it's nice when you can get something for free.
In fact, you can upgrade your data security without breaking the bank. In addition to investing in small business insurance, you should bolster your data security by doing the following:
- Encrypting data.
- Preparing a data breach notification plan.
- Increasing software testing.
Encryption: Change One Setting and Potentially Save Millions
In October, AvMed, a medical insurance company, agreed to a settlement paying $3.5 million to customers affected by a data breach after two laptops were stolen from the company. You read that correctly: a $3.5 million lawsuit for two stolen laptops. Ouch.
Million-dollar fines and lawsuits are not uncommon, especially for data breaches involving medical data. HIPAA and HITECH, the two laws that govern medical data, are extremely strict.
Encryption is one of the simplest ways you can avoid these major lawsuits. If AvMed had changed the settings on its laptops to encrypt data when a user was logged out, it might have avoided the data breach lawsuit. One simple change might have saved the company millions.
Some data breach laws only hold IT businesses responsible for lost data if it is unencrypted. After a breach of encrypted data, depending on the laws where you live, you may have to pay for credit monitoring services to ensure your customers' identities aren't stolen, but these costs pale in comparison to a $3.5 million lawsuit.
Data Breach Notification Plans Can Save You Money
A recent study shows that businesses can reduce the cost of a data breach by 47% if they have a data breach response plan outlining what they need to do in the aftermath of a data breach. When making a data breach response plan, make sure you include:
- Information on applicable state data breach laws.
- Contact information for insurance agents and lawyers.
- Coverage details of your Cyber Liability Insurance policy.
- Plans for contacting customers affected by the breach.
- Protocol for responding to the attack.
After a data breach, you'll have many responsibilities. You need to protect your customers, find the source of the breach and fix it, file a claim with your insurance company, file a report with state authorities, and much more. Organizing all the information you'll need can save you a lot of trouble and make sure you don't overlook any important legal responsibilities.
To learn more about preparing for cyber attacks and data breaches, check out our Data Breach Response Guide.
Software Testing: Protect Yourself by Adopting Best Practices
Before a programmer delivers software to a client, they'll have to perform rigorous software testing to improve its security and usability. But what's the best way to test software?
Many experts advocate "iterative testing," which tests each component of a program as it is developed. Each function is tested for security as well as for how well the design and front-end features integrate. Tech giants like Microsoft and Google favor this step-by-step approach because it helps programmers deliver secure software on schedule.
By testing each component at each stage, developers aren't surprised by any big problems at the end of development. They won't be scrambling to fix bugs and software errors in the days before the software is due.
From time to time, make sure you reexamine how you carry out software testing. Are there new methods you should incorporate? Adopting these best practices often costs nothing, but can save you from a lawsuit.
To get an idea of how larger companies test their software, check out the post, "What Google and Twitter Can Teach Us about Testing Software for Security."
How Can These Upgrades Reduce the Cost of Insurance?
Insurance costs are determined by risk. To get less expensive insurance, you need to have less risk. Increasing testing, developing a data breach response plan, and using data encryption are three ways businesses can reduce risk and lower the cost of insurance in both the short and long term.
In the short run, many insurers give discounts to businesses that have formal data breach response plans in place. Make sure you document these plans. Have a physical binder listing this information.
In the long run, these measures reduce the likelihood of lawsuits. Your insurance costs will increase dramatically if you are sued. Avoiding a lawsuit is vital for keeping insurance premiums low. To get an idea of how much insurance will cost your business, look at these sample quotes for comprehensive insurance for small IT businesses.