Failing to protect your business from cybercrime can lead to the destruction of your business and put your entire livelihood at risk.
Cybercrime…Why You Should be Concerned
All businesses, no matter how small, should be interested and knowledgeable about how cybercrime could negatively impact the bottom line. About 50% of all small businesses in the United States, those with fewer than 1000 employees, fall victim to cybercrime each year. Understanding cybersecurity laws and how they apply to the industry you work in is imperative to protecting your business.
If a business does not take steps to protect itself, its employees, and its customers from cybercrime, severe consequences can follow. These consequences include data breaches, financial losses from fraud and ransomware, loss of reputation, loss of operational time, and legal fines. If a business loses its reputation, or is viewed by the public as “risky”, it could very easily collapse and go out of business.
Any business that handles sensitive personal information which identifies employees or customers needs to do everything it can to protect and safeguard that information. Being entrusted with this type of information (names, Social Security numbers, credit card information, etc.) means businesses are legally and ethically responsible for its security.
Five Steps to Ensure Security of Data for any Business
If you own a business, or are thinking about starting one, a process to keep data secure should be part of your plan. The liability you incur from being a business owner, and what you do to protect it, could make or break your business.
A strong security plan to ward off cybercrime should include these five steps:
- Assess the information you have in your possession. Check all laptops, computers, mobile devices, flash drives, etc. and know where your business houses all sensitive data. Knowing where the sensitive information your business has access to is stored, and how it is stored, is crucial to protecting it.
- Decrease the amount of sensitive information your business collects and stores. If there is not a legitimate need to hold on to sensitive information, then don’t hold on to it.
- Lock up all sensitive information in your possession. Physical and electronic security is one of the most important things you can put in place to protect your business from a cybercrime attack.
- Train your employees to be experts in security as well. Your business is only as safe and sound as your weakest employee. Take the time to train your employees so they can be one of the best defenses against cybercrime.
- Be proactive and reactive when it comes to security. Have a plan to protect any sensitive information you plan to keep under your control, and if a breach of information happens, have a plan for reacting to it immediately.
Taking these steps to establish a sound security plan for your business can go a long way in protecting you from legal problems, or in some cases, from losing your business.
What If I Don’t Take Security Seriously?
As mentioned above, not taking security seriously when your business collects sensitive information can be detrimental to your business and your livelihood. The negative consequences that can occur include:
- Data breaches: Unauthorized access to information that leads to financial losses and reputational damage.
- Financial losses: The average data breach in the United States in 2024 cost $4.88 million.
- Legal and regulatory fines: Businesses can face lawsuits and fines when sensitive customer data is compromised.
All 50 states have data breach notification laws which require organizations to notify individuals, and often state Attorneys General, when a security breach involves certain personal information. The type of information covered depends on the state. New Jersey has a strong data breach law that includes both its comprehensive data privacy act and expanded data breach notification requirements. The New Jersey Data Privacy Act (NJDPA), effective January 2025, provides consumers with even more protection and rights.
If your business commits acts in violation of the NJDPA, the Attorney General can enforce the law, and potential fines of up to $10K for an initial violation and $20K for subsequent violations can be levied against you and your business.
If your business has been accused of violating a data breach law, reach out to the team at The Law Offices of Robert J. DeGroot today!

