We have all heard of data breaches involving large corporations. These breaches can cost millions of dollars, plus damage the reputation of the company involved. But just because we don’t hear about these breaches involving smaller companies, do not think that small business is exempt.

Small Business, Big Breaches
Over 70% of such cases involve small businesses with limited resources to protect the information and limited resources to respond to a breach. Lost or stolen portable devices are the cause of the majority of these breaches. The average cost of notice to the business affected is $107.00 per notice.

Your business probably collects a significant amount of personal data in the course of its daily activities. This includes, but is not limited to: names, dates of birth, driver’s license numbers, Social Security numbers, credit card numbers, email addresses, and payment and health histories, all contained in the various files of small to large businesses across our nation, and even internationally.

Human Error
There are a few ways that a breach can occur. A rogue employee could obtain and distribute information regarding the personal information in your files, or an exemplary employee could just make a simple mistake. Imagine the simple case of an employee taking a flash drive home to work on spreadsheets over the weekend. Somehow that drive, which happens to contain personal information about clients of your business, is lost or stolen. Are you aware of the regulatory requirements your business now faces as a result of this seemingly innocent incident? Even if there is no evidence that the information was distributed to anyone, your business is required to respond.

Am I Covered?
Consider these questions when evaluating your small business:
• Does your company have a policy regarding access to personal information with permission based upon a need to know?
• Does your business restrict the use of portable devices or flash drives?
• Does your business have a termination procedure which includes the IT department or consultant and appropriate security to obtain all portable devices and eliminate all access to the business location and networks?
• Does the company have a disaster recovery plan that includes procedures for reporting a possible breach, an alternative location and backup procedures following a natural disaster?

Even with these precautions, the exposure to a very expensive incident is very real.

I Experienced a Data Breach. Now What?
In Illinois, the Personal Information Protection Act lays out very strict procedures for this scenario. Your business’ required duties include notice to everyone whose personal information has been compromised. The definition of personal information varies by state. But generally, personal information is limited to information not generally available to the public.

If your business has exposure to the loss of personal information, it is crucial to review this with your insurance professional. There are now business insurance policies that can help with forensic and legal assistance for a data breach and the various state requirements, the cost of notification, the establishment of 24-hour call centers for your clients for crisis management, and business interruption losses. These are primarily first-party coverages, but these, along with the loss of reputation, could devastate a company and drive it out of business.

The professional staff at Grooms Insurance Associates can review your business insurance needs and the insurance coverage to protect your future. Grooms Insurance Associates is proud to have been named Business of the Year for 2013 by the Lake Zurich Area Chamber of Commerce. Thanks to our friends and clients for helping us achieve such recognition.