There are many reasons to protect data: it's good for your clients, your reputation, and your bottom line. Many IT professionals underestimate the value of that last factor, but that can be a costly mistake. Data breaches are expensive, sometimes costing well over $1 million in legal fees, lost business opportunities, and other related expenses.
To understand these costs better, let's take a look at the major expenses associated with a data breach.
- Class action suits. The corporate law firm Pepper Hamilton LLC explains that data breaches often lead to class action lawsuits, in which a group of people (e.g., many customers) sue your business at once. According to Pepper Hamilton, class action lawsuits are becoming more common for data breaches and more expensive than other types of lawsuits, with average attorney fees of $1.2 million and a judgment of $2,500 per plaintiff.
- Compliance costs. When a data breach occurs, you'll need to comply with complicated state laws, which can take time, money, and effort. You might need to file data breach reports with the attorney general, consumer reporting agencies, or Health and Human Services (if the exposed data was medical). In addition, you might have to contact any affected customers and handle their complaints.
- Fines. Under the medical consumer protection laws HIPAA and HITECH, small businesses can be fined up to $1.5 million for data breaches.
- Reputation damage. Once you inform customers about a breach and make any needed filings with government agencies, your reputation will take a hit. Whether you're a website designer or system network admin, you could lose out on new business.
Protect Data and Protect Your Bottom Line
Given the cost of data breaches, you'll want to take a number of practical steps to prevent them. Here's a breakdown of data breach solutions and prevention tips:
- Laptop data protection. What do you do if a laptop is stolen? Much of the talk about data leaks centers on hackers and cyber attacks, but physical theft is a real issue. Encrypt your data so thieves won't be able to gain access when a user is logged out or the computer is idle. If you work with medical data (and thus need to follow HIPAA regulations), here is a list of recommended protocols for securing mobile devices from HealthIT.gov.
- Data security training. It's so important, I’m going to say it twice: data security training. All your efforts mean nothing if employees don't follow protocol. If an employee fails to encrypt their laptop and it gets stolen, you could end up paying a HIPAA fine (here's one story of a small business paying $50,000 in cyber security fines) or wind up in a data breach lawsuit. You're responsible for employee actions and need to make sure they know how much is riding on their actions.
- Software updates. Install security patches and updates to your OS and other software. Recent events have shown how Adobe Reader could be compromised and expose IT professionals to a data breach, so remember that updating your OS software isn't enough to prevent attacks: you need to do the same for all software.
- Data breach notification plan. Start planning for a data breach now. Figure out what your state laws are, make a plan for contacting customers, and audit your current data security. Are there places you need to strengthen? Having a plan in place now will help prevent data breaches and make your response to them quicker and more thorough.
- IT Risk management. With lawsuits costing anywhere between tens of thousands and millions of dollars, you simply can't afford them. Cyber Liability Insurance is an affordable way to manage your risks. Paying a little now in premiums can prevent the catastrophic cost of a lawsuit from sinking your business.
Taking these steps to protect your data can also reduce the cost of business insurance. Insurers often charge lower rates to small-business owners with thorough, well-documented data security plans. To learn more about the cost of insurance, check out our sample IT insurance quotes.