If you’re a small business owner, having a protocol in place to safeguard your company from cyber attacks is crucial to protecting your proprietary information and your bottom line. If you own a small business in the state of New York, or if you have New York customers or clients, you must follow New York State’s SHIELD Act. While cybercriminals target businesses of all sizes, small businesses are vulnerable to risk. It’s not a question of if a cyber attack will occur, but when. Cyber insurance for small businesses ensures you are covered for claims and expenses that could arise from such an incident.
What is the SHIELD Act?
No federal statute mandates the measures businesses must take to mitigate risk in the event of a cyber attack. New York, however, has such a law, which applies to businesses in the state. The SHIELD Act was enacted in 2019 to strengthen New York’s data security laws by requiring that companies develop, implement, and maintain safeguards to protect the secure and confidential information they store. This data can include Social Security numbers, driver’s license numbers, account numbers, biometric information, usernames, passwords, and email credentials.
Under the law, a business must notify affected consumers once a breach has been discovered, except in certain situations. Failure to adhere to the SHIELD Act can result in the Attorney General taking action against your business and civil penalties being imposed.
Cyber Security Measures for Small Businesses
Small businesses rarely have the same resources as larger companies to thwart a cyber attack should one arise, which is why it is crucial to have adequate security measures in place. While the New York SHIELD Act lists certain safeguards, the Act is not meant to be a complete list of the protections that can be taken. A small business should customize its cyber security protocol to its needs.
Reasonable safeguards a small business might take can include:
- Identifying foreseeable risks
- Training employees in the security program’s procedures
- Selecting service providers who can maintain appropriate safeguards
- Assessing network risks
- Having a plan in place to respond to system failures
- Regular monitoring of the key controls, systems, and procedures
- Having measures in place for the disposal of private information
- Securing WiFi networks
- Implementing multi-factor authentication procedures
Unfortunately, even when all protective measures are taken, cyber attacks may still occur. Liability coverage is vital. Cyber insurance for small businesses can help to defray the costs that follow a breach and compensate a business for the financial losses it suffered. This insurance can also help to cover the costs associated with regulatory fines and damaged equipment. The cyber insurance you will need can depend on your exposure to risk, the types of data your business stores, who has access to the sensitive data, and your company’s revenue. While different industries have different needs, a cyber insurance policy should be specifically tailored to tackle the threats your company could face.
Contact an Experienced New York Business Attorney
If you’re an entrepreneur and have questions about why cyber insurance for small businesses is necessary, it’s important to consult with an experienced business attorney who can advise you regarding these matters. Brinen & Associates provides knowledgeable representation to clients for various regulatory and compliance matters, including those involving cyber security. Call (212) 330-8151 or send us a message to learn more about how we can assist you.