I wonder how many car owners have felt safe against the threat of auto-theft with the reasoning that “I own a Ford, not a Bentley or Lamborghini.” The idea is that because you don’t think a Honda or Toyota has the same value as a BMW or Ferrari, you are safer. Unfortunately, this exact sentiment makes many car owners victims of theft. In fact, the National Insurance Crime Bureau released a famous study listing the top ten cars most likely to be stolen: Toyota, Honda, Ford, Chevrolet, Acura, Nissan. Additionally, it wasn’t the newest or most luxurious models, but the older years.
Why is this? Thieves know that luxury cars have more sophisticated anti-theft systems. They look for easy targets.
A small business owner that thinks they are too small for data theft and decides not to take cautionary protections against thieves (disgruntled or ex-employees, identity thieves, or other types) are making an unwise decision. The Symantec 2013 Internet Security Threat Report stated that 31% of all attacks were directed towards companies with less than 250 employees.
A business risk of data theft doesn’t end with proprietary information being exposed, or company financial data including credit card numbers being compromised. It can lead to sensitive customer/client, vendor or partner data being compromised. While this is a scary thought on its own, consider that your business can also be liable for the loss if a lawsuit is brought against you and a court concludes that the business did not take reasonable measure to protect the information. This could be a few hundred thousand dollars in damages directly from loss, exposure, or damage. Or, in the case of trade secrets of your company, its clients or strategic partners, this could easily be a multi-million dollar liability.
While it is advised that you contact an IT Security professional and a business lawyer to discuss liability, some generally recommended best practices are:
- Set alerts for events that might raise red flags:
- If an employee’s email volume, or attachment size is spiking from normal patterns.
- If an employee’s forwarding of items to a personal account breaks normal patterns (or if it is against policy, to restrict this all together.)
- If you suspect data theft, do not delete files, manipulate the computer or system, or comprise existing evidence.
- Find an appropriately trained professional to make sure that evidence is preserved either on computer, software, or networks. Do this in a timely matter.
- Design policies and written agreements with employees that protect your rights.
- Confidentiality
- Written and Acknowledged Use of Company Equipment Policies
- Trade Secret Agreements
- Conduct Exit Interviews
- This is usually a good policy regardless. However, you can take the opportunity to acknowledge and request the return of equipment, or other intellectual property.
Preventative measures like written policies that protect your liability and technology/IT vendors are a must have for small businesses. Even if you are not sure if your business might be exposed to liability, it could be a good idea to hire a business lawyer to help assess.
As always, remember to consult with an experienced business litigation attorney before taking action.