You probably know about data breaches – and the lawsuits that often follow – against some of the world’s largest companies. Yahoo, Facebook, T-Mobile, eBay, The Home Depot, and Capital One have all been victims of data breaches in recent years. This summer, T-Mobile agreed to pay $350 million to settle claims connected to a 2021 cyberattack.

A 2020 report by IBM found that the average cost of a data breach in the United States is nearly $9 million – plus damage to the company’s reputation. Unfortunately, data breach incidents are rising as more employees work from home.

The most effective way to guard against data breaches is to prevent them. Below, we look at a data breach in the Lehigh Valley, describe some data breaches that smaller businesses are likely to encounter, and offer guidance on guarding against these expensive and damaging events.

A Data Breach Lawsuit in the Lehigh Valley

Before you write off data breaches as something that only affects billion-dollar global companies, consider this new lawsuit that hits close to home. A woman has filed a federal class-action lawsuit against Medical Associates of the Lehigh Valley PC following a data breach that exposed more than 75,000 patients’ personal information. The hacked data included patient names, Social Security numbers, and health information. The plaintiff, a former patient, alleges that the healthcare system failed to protect personally identifiable data and protected health information.

How Do Data Breaches Occur?

When you think about data breaches, you probably picture a sophisticated cybercriminal hacking data remotely using a high-tech computer setup. While that indeed happens, criminals can also get access to data by stealing paperwork, phones, or laptops. Additionally, they sometimes copy sensitive information from electronic devices without anyone knowing.

Scammers also use a technique known as “phishing.” These e-mail or phone call scams try to trick people into providing confidential information.

Don’t forget human error, which is responsible for most breaches. Sometimes employees leave sensitive information where someone else can see it or accidentally send it to the wrong person. A data breach is merely the moving of private information to an untrusted environment.

Creating a Data Breach Prevention Plan

To protect yourself and your company from a costly data breach, consider taking the following steps:

1. Educate: Teach your employees about data breaches and how to prevent them. This includes instructions about phishing scams and creating strong passwords. In addition, provide regular data security education and reminders.
2. Establish procedures: Create procedures for data security and update them regularly. For example, use roles and permissions for accessing certain types of data, and limit the number of places where you store confidential information. Encrypt data if you send personal information via e-mail, and make sure you have a dedicated Wi-Fi network that the public cannot access. Always follow data retention standards for your industry.
3. Secure physical data: Store physical files in a safe location and restrict access. Destroy anything that contains sensitive information (cross-cut shred papers and wipe data off laptops and hard drives). Cell phones and other portable devices should have anti-theft apps.
4. Use security software: Anti-virus and anti-spyware software, for example, can protect your business from data intrusions.
5. Hire an expert: Consider hiring an Internet security expert to help with the above. A security expert can run a data breach prevention program for you or consult on best practices.

You should also have a backup system in place, as a hacker can delete your information during a cyberattack.

Don’t forget to review your data security practices and procedures regularly. Best practices can become dated, especially as cybercriminals become more sophisticated and take advantage of new hacking techniques. Time and money spent today can guard against a costly data breach.

If you have questions about drafting or enforcing company policies intended to safeguard sensitive data, consult with your legal counsel or an attorney at KingSpry.

This news item is a publication of KingSpry. It is meant to be informational and does not constitute legal advice.