New York Leads By Example: Law Outlines Cybersecurity Best Practices That ‘Main Street’ Businesses In Every State Should Adopt

A New York state law requiring small businesses to implement cybersecurity protocols highlights the greater need for increased cybersecurity at all levels of business. The Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, requires companies to adopt safeguards aimed at protecting consumer data, and it proposes penalties for businesses that don't. The Act adapts “Wall Street” level cybersecurity practices for “Main Street” businesses, and many states are moving to enact similar laws in a concerted effort to reduce cyber exposures and protect consumer data.

Small businesses, defined as those with fewer than 50 employees, less than $3 million in annual revenue, and less than $5 million in year-end assets, are the focus of the new law. In the cybersecurity world, it has long been known that small and medium-sized businesses (SMBs) are a primary target for hackers, because businesses of this size often lack comprehensive cybersecurity plans. The SHIELD Act makes New York the first state to enact legislation to address this specific issue.

Business owners in every state should take notice and become aware that they can be a target. Here are a few takeaways from the SHIELD Act that your business can and should implement to prevent a data breach:

Administrative safeguards - Designate one or more employees to oversee the implementation of a cybersecurity policy, enforce adherence to cybersecurity protocols, and establish a system of self-assessment and reporting.

Technical safeguards - Install or update cybersecurity software on every device used to conduct business (computers, smartphones, handheld credit card terminals, etc.) and enforce a company-wide password policy.

Physical safeguards - Implement measures that prevent unauthorized access to company-owned devices and computer systems. Example: Replacing analog cash registers with password-protected POS systems that log out after a short period of inactivity.

Litigatory safeguards - Get cyber insurance. Cyber insurance is a type of business insurance that covers a business in the event of a hack, data breach, or system failure. Lawsuits are the inevitable result of nearly every cyber attack, and most SMBs are unprepared for the tidal wave of litigation that it brings.

For more information about the SHIELD Act and specific guidelines for businesses operating in the state of New York, please visit https://www.nysenate.gov/legislation/bills/2019/s5575

Cyber insurance adds an all-encompassing layer of protection 

Data is one of the most valuable and vulnerable assets that any business manages. Unfortunately, many business owners don’t learn this fact until it's too late. Any time there is a data breach or a client’s personal information is exposed, lawsuits are soon to follow. A cyber insurance policy will safeguard your business in the event of a hack, data breach, system failure, or data loss that results in financial damages - both direct and litigatory. Cyber insurance is often the factor that dictates whether a business is even able to survive a breach. Common-sense cybersecurity practices, antivirus software, and employee training are the first line of defense against hackers. Cyber insurance is the final, and arguably most important, security measure that will keep your business safe.

Visit us online or give us a call at (844) 278-3674 to learn how simple cybersecurity measures and cyber insurance can secure your business.
