Risk and Compliance
The majority of mid-market businesses are under the mistaken belief that, unlike the big corporations, they need not worry about cybersecurity. The facts, however, show that small and medium businesses are the primary targets for cyber attacks, accounting for 43 percent of all attacks, compared with all other entity types.
Not only are cyber attacks a real threat, but there are also federal, state, and even international regulations that require certain cybersecurity protocols to be followed. Whether you like it or not, your company may be subject to cyber compliance laws, and ignoring these requirements may expose you to legal consequences if your company suffers a data breach.
People care about privacy. Your employees, clients, and business partners have a right to understand what information you may have collected on them over the course of your business relationship. This includes simple pieces of information like name, email address, and phone number. You have a legal obligation to disclose what you have on file if an individual asks you to.
Each geographic region has nuances to data privacy you must comply with. Each state in the U.S. has a different version of this. In the EU, GDPR is most prevalent. Industries like healthcare, finance, and government entities also have specific requirements.
Mid-Market Business Compliance
State Data Protection Regulations
The federal regulations do not cover every person, business, and scenario. Individual states have the prerogative to decide where and how to fill in the gaps left by federal cybersecurity laws. Every state has laws designed to protect data, but not all take cyber threats into account. That fact is changing every year, however.
State legislatures are constantly considering and adding new cyber laws to keep pace and address cybersecurity concerns. In 2019, for instance, 45 states and Puerto Rico introduced or considered cybersecurity bills.
Most of the cybersecurity laws apply to state governments and their agencies, but as of 2019, half of all states have data security laws in place that apply to private businesses. The majority of these laws apply to private businesses that hold personal information about a state resident, and simply require that those businesses implement and maintain reasonable cybersecurity procedures to protect personal data.
All states, however, have security breach notification laws. That is, when a breach of private data occurs, the business that was breached has the burden of reporting the impact of the breach to affected parties.
Federal Data Protection Regulations
International Data Protection Regulations
Alliant Cybersecurity Advantage
Alliant Cybersecurity will publish an initial report in the next 24-72 hours with our findings on why, who, what, where, when, and how this attack happened. Our team will also assist you with:
- Selecting tools to secure and strengthen your infrastructure
- Mediating with law enforcement agencies and insurance providers
- Training your workforce to avoid future attacks
Get the Alliant advantage today! Contact us for general consultation or reach out to us on our hotline number for a cyber-emergency.