Your business, whatever its size, most likely processes and maintains information every day. At least annually, take time to review your data privacy practices to reinforce your information security and to reassess your cyber protection.
Free government resources are available to help protect your customer, employee and business data. The U.S. Federal Trade Commission publishes an online Cybersecurity for Small Business website to help small businesses and nonprofits with cybersecurity awareness. This resource delves into 12 different topics, such as phishing, ransomware, vendor security, cyber insurance, physical security and tech support scams. You can learn how cyberattacks are conducted and what businesses can do to recover from an incident. You also can download checklists to ensure you have the proper cybersecurity measures in place.
Additional government resources keep you up to date on recent trends. For example:
- The Department of Health and Human Services offers Health Information Privacy guidance material, checklists and infographics to help businesses protect HIPAA data.
- The Office for Civil Rights issues monthly cyber awareness newsletters, also posted on the Health Information Privacy site, to help businesses with protected data:
- become more knowledgeable about the various security threats and vulnerabilities that currently exist in the healthcare sector
- understand what security measures can be taken to decrease the possibility of being exposed by these threats and
- reduce the likelihood of breaches of electronic protected health information, or ePHI
States have also adopted data security requirements to help businesses protect the data in their possession. Ohio, through its Cyber Ohio Initiative, became the first state to offer incentives for compliance with nationally recognized security frameworks by providing a tort defense through the passage of the Ohio Data Protection Act. The law protects a business if a negligence claim is filed alleging that a data breach was caused by failure of that business to implement reasonable security standards.
While Data Privacy Day occurs every January 28, celebrate your own data privacy day by accessing these free resources, and consult your local independent insurance agent for more loss control information and to review your cyber insurance needs.
This loss control information is advisory only. The author assumes no responsibility for management or control of loss control activities. Not all exposures are identified in this article. Neither The Cincinnati Insurance Company nor its affiliates or representatives offer legal advice. Consult with your attorney about your specific situation. Contact your local, independent insurance agent for coverage advice and policy service.