That title may have gotten your attention. We’re not huge fans of being sensationalist or clickbaity, but in this case, maybe we should make an exception:
The Penalty for Breaking Cybersecurity Laws Could Result in Prison
There’s no sugarcoating this. Now let’s talk about how you can avoid going to jail.
There are Severe Consequences to Being Lax with Cybersecurity
Let’s make this personal. What role do you play in your organization? Are you a decision-maker? Are you a business owner? An executive?
If so, then you are responsible for your business, its reputation, and the data that it holds. It’s easy to just use the word “data” as if it has very little meaning. Generically, data is the stuff within a bunch of documents, the ones and zeroes that make up the information that we store on computers and servers. That’s a crude simplification, and you are likely smart enough to know that your business needs this data to operate. That’s why you spend a fortune making sure it’s redundant and backed up, and use it to make informed decisions about your business.
To your customers, your data is something else entirely. You see, a lot of your data likely revolves around them. It’s their data. It’s their contact information, their financial information, their medical history, and their marketing analytics. It’s all the stuff that they entrusted your organization with.
If your organization suffers from a data breach, you’ve let your customers down. You’ve taken their information and allowed it to get stolen, bought, and sold.
If you suffer from a data breach, you are proving to your customers that you are untrustworthy.
It’s a bad look, and can be very damaging to your reputation and your revenue.
Lawmakers decided long ago that businesses shouldn’t be able to store and process customer information only to allow it to be stolen by cybercriminals. One, that breeds even more cybercriminals, and two, it’s very frustrating and even dangerous for the customer. This type of data has value in the wrong hands, so the best course of action was to make sure businesses do what they can to prevent it from falling into those hands.
What Cybersecurity Laws Regulate My Business?
That’s going to depend on what industry your business is in and which states it operates in. If you potentially work with customers outside of the United States, you may also have other standards to meet, such as the GDPR.
At the time of writing, Maryland’s cybersecurity laws mostly cover local government offices and agencies, as well as public and private companies that operate water or wastewater systems throughout the state.
There is also the Maryland Personal Information Protection Act which states that businesses must give notice to consumers within 45 days in the event of a security breach.
Beyond that, specific laws that your organization might fall under include:
- Health Insurance Portability and Accountability Act (HIPAA)
- Gramm-Leach-Bliley Act (GLBA)
- Homeland Security Act and the Federal Information Security Management Act (FISMA)
- Cybersecurity Information Sharing Act (CISA)
- Federal Exchange Data Breach Notification Act
Depending on the severity of the breach and the laws that your organization needs to comply with, the fines could end up being up to $100,000 for each violation, or up to $50,000 per record stolen. Under HIPAA and the GLBA, individuals such as directors and officers within the organization can be fined personally or face prison time ranging from 1 to 10 years.
The government is trying to encourage companies to take better care of their user data, and in an area where things change rapidly, lawsuits and the risk of jail time can be a powerful motivator.
It’s not ideal, but you need to protect your customers. It’s your responsibility as a business owner.
How to Avoid Being on the Wrong End of a Data Breach Lawsuit
Here’s the thing: while there are penalties for falling outside of compliance, most laws regarding data privacy and protection really don’t come into play until the breach has happened.
Yes, some of them dictate certain steps and practices you should take to secure your data, but ultimately the responsibility falls on you. It’s not like you can just buy a particular cybersecurity solution, follow a checklist, and become absolutely immune to data breaches. Cybercriminals are constantly adjusting and refining their trade to make that impossible. Instead, your organization needs to be proactive AND vigilant.
The proactive part is pretty straightforward, as long as you are working with a reputable IT company that puts cybersecurity first. If it’s been a while since you’ve made significant changes to your IT infrastructure, it’s likely that your organization has fallen behind.
The best place to start is to get a consultation and discuss a cybersecurity audit.
Establishing that baseline cybersecurity infrastructure to protect your business is a good start, and making sure that the proper maintenance is happening across your network will prevent a lot of issues. Beyond that, it’s about establishing security policies and building a culture of security within your organization.
These are all things that Dresner Group can help you with. Don’t put your business, your own livelihood, your freedom, or your customers at risk. Give us a call at (410) 531-6727 to get started.