On Thursday, California Attorney General Kamala Harris announced heightened enforcement concerning data breaches. AG Harris’ office also issued a Guide that provides recommendations to California businesses, particularly small businesses, to help them protect against and respond to the increasing threat of malware, data breaches and other cyber risks.
The circumstances are certainly threatening for small business. According to the Guide:
-
In 2012, 50 percent of all targeted attacks were aimed at businesses with fewer than 2,500 employees.
-
More significantly, businesses with fewer than 250 employees were the target of 31 percent of all cyberattacks
The Guide is a good read for most small businesses which provides general principles and best practices to address data security. It is not comprehensive, and the Guide itself admits it does not provide “regulations, mandates or legal opinions…[but r]ather, … an overview of the cybersecurity threats facing small businesses, a brief and incomplete summary of several best practices that help manage the risks posed by these threats, and a response plan in the event of a cyberincident.”
Large national and multi-national companies are not the only targets for data breaches, and states like California are stepping up their enforcement efforts. Businesses should take the time to be sure they appropriately safeguard personal information of customers, employees and other individuals, as well as to be prepared to respond to a breach should they experience one.