Block on Trump's Asylum Ban Upheld by Supreme Court
Anthem Blue Cross, the nation's second-largest health insurance company, announced Thursday that a hack into its systems may have exposed the records of up to 80 million customers. This breach included Social Security numbers, addresses, and health care information, but no credit card numbers (which is really immaterial, with all that other information).
Small businesses, just as much as large businesses, need to take steps to ensure the security of customer data. Here's what business owners need to know:
Incredible as it may seem, The Wall Street Journal reported that Anthem didn't encrypt any of its data. Oh, sure, it encrypted data that left the company, but when it was stored internally, it was apparently secured only by passwords -- which didn't work so well, given that hackers were able to steal 80 million records with a single compromised password.
Hopefully we don't have to say that these are some pretty poor security practices. Data should be protected with multiple layers of security, including passwords, but also including encryption. Data access should be tiered so that employees are given access only to what they absolutely need to do their jobs.
Anthem might be great bait because it has lots of juicy information, but small businesses are just as much at risk for security breaches -- in fact, possibly more so, as a hacker could infer that small businesses have weaker security and poorer security practices than large companies. (Businesses that aren't publicly traded don't, for example, have to engage in onerous Sarbanes-Oxley compliance.)
If you store any sensitive data at all, whether it's names and addresses or credit card numbers, you should take steps to ensure that the data are secure. There's no "flying under the radar" here; hackers don't have the same economy of space and time that, say, bank robbers do. A hacker can send out millions of virus-infested emails with a single click.
Failing to adhere to industry standards when it comes to securing digital information could make your business liable in the event there's a data breach. As the Target and Home Depot episodes (among others) have demonstrated, "Gee whiz, I'm real sorry" isn't going to cut it -- and those companies are paying for it.
Even a simple negligence cause of action could potentially apply. Negligence means failing to act as a reasonable person would, and if a jury finds that a reasonable person would have used stronger security measures, but you didn't, then you could be on the hook for the damages.
The moral of the Anthem hack story? Now's a good time to conduct a security audit to make sure your data are as secure as possible.
Follow FindLaw for Consumers on Google+.
Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.