The benefits of technology can carry a cost that doesn’t always receive much attention from franchise owners. It’s the significant increase in business risks that encompasses everything from the latest cyber threats like ransomware and denial of service attacks to hefty government penalties levied for breaches of customer data. Failing to pay attention to these issues can negatively impact your business.
According to Risk Based Security, 2019 was the worst year on record for data breaches. The firm reported 5,183 breaches involving a total of 7.9 billion exposed records, a 33 percent jump over the previous year. IBM reports that when taking into account costs such as investigations, fines, and damage control, a data breach can cost a company as much as $3.92 million.
Governments are passing laws to put pressure on companies to limit those breaches and compensate consumers for the release of their personally identifiable information (PII). The two most high-profile examples are the General Data Protection Regulation (GDPR) created by the European Union and the California Consumer Privacy Act (CCPA). Both laws call for hefty fines for data breaches, putting you at risk for costly penalties.
Most cyber threats today result from large criminal enterprises, oftentimes located in other countries. People working for these enterprises identify and exploit vulnerabilities in computers, computer networks, and devices that access the internet.
Ransomware gets much of today’s attention. The 2019 Beazley Breach Briefing reported that the median request for ransom was $10,310, but some ransom demands were as high as $8.5 million. The FBI has urged businesses not to give in to ransomware demands, because paying may encourage similar attacks and criminals often don’t provide the promised keys.
Phishing, in which criminals send fake emails that contain malicious files or links to websites, is one of the most common current cyber threats. These emails are designed to trick recipients into disclosing private or sensitive information such as passwords, credit card numbers, or other data that criminals use or sell. Phishing has become increasingly sophisticated, making it more difficult for companies to detect phony emails.
Franchise owners may worry about whether their technology has strong enough barriers to block evolving cyber threats, but the single biggest vulnerability is people. The most carefully safeguarded and sophisticated security system can be rendered virtually useless by an individual’s error or a flaw in a process. For example, all it takes for a phishing effort to succeed is for just one employee to click on a link in a fake email or enter security information at a phony login prompt. Simply plugging an infected thumb drive into a company computer can transmit damaging malware.
People assume cloud-based computing offers greater security, but it’s important to remember that the “cloud” is actually made up of multiple physical computers that have been networked. Any computer is vulnerable to cyber threats and no security system is completely foolproof.
Franchise owners that accept debit and credit card transactions open themselves up to another threat. Handling these transactions electronically involves the creation of data covered by the Payment Card Industry Data Security Standard (PCI DSS), the security standard used by the payment card industry. In addition to the potential of regulatory liability if that data is accessed and stolen, a franchisee may also face contractual liability from its payment processor.
Your business should have a plan for handling all types of cyber threats. Developing a written incident response plan — just as you plan for emergencies such as fire or severe weather — will help you think through all the steps involved in addressing the issue and protecting your franchise and its data.
Keeping hardware and software up to date is critically important. Software providers and hardware manufacturers frequently issue updates and patches to address vulnerabilities or other problems they’ve discovered. If you fail to take advantage of those updates, you miss the protection they provide.
Ensure employees are aware of both the risks and the importance of their own role in data protection. It’s far too easy for a busy employee to let down their guard. Regular training in small doses (and focused on positive reinforcement) will keep employees alert.
Don’t assume your current insurance coverage will cover cyber threats. Many insurance carriers exclude cyber events from their normal coverage. You may need to obtain a specific cyber liability insurance policy to protect your company from both your direct losses and legal actions by regulators or consumers who have been damaged.
Preparing for the challenges presented by technology regulations and cyber threats represents a major priority in the current environment, but it can be costly. For example, a company may have to dip into capital to update hardware and other components more frequently than in the past or pay consultants to conduct costly but valuable reviews and training. You may also find it more challenging to obtain loans for technology-related needs as opposed to those backed by things such as facilities and inventory.
Keeping abreast of tech regulations and cyber threats is of vital importance for busy franchise owners. Understanding and training your employees to be cognizant of these threats is a first step in protecting your business today and in the future. Finally, ensure you are financially prepared to address cyber threats should your business be impacted by them.