5 Digital Policies Small Biz MUST Have

AiAuthority | Kristina Podnar | Jul 8 2019

It’s hard to overestimate the role small businesses play in the American economy:

  • Businesses with fewer than 5 employees account for 62% of all businesses in the U.S.
  • More than half of all Americans own or work for a small business.
  • Small businesses are responsible for two-thirds of all new jobs created each year.

When you look at the magnitude of their economic impact, it would be easy to assume that small businesses know exactly what they’re doing and would be the obvious place to look for advice and best practices.

The truth, however, is that small businesses power the economy despite lacking the resources of larger organizations:

  • 77% of small businesses rely on the owner’s personal savings for their original funding.
  • Only 40% of small businesses are profitable.
  • The vast majority of businesses that fail do so because of cash flow problems.
  • Employees of small businesses wear many hats, starting at the top. The owners or leaders of small businesses are typically responsible for three or more of the following functions: operations, finance, sales, marketing, HR, customer service, product development, or IT.

When you look at it that way, it’s not hard to understand why many small businesses regard digital policies (if they think about them at all) as something they’ll get to “someday.” But that’s very unwise when you consider that few small businesses have the resources to survive the fallout from a crisis involving their online activity.

Owning a small business myself, I understand what it’s like to have to make choices about where to spend your resources. I certainly wouldn’t give you the same advice I give to my global clients. Instead, I’ve narrowed digital policy development down to five things you absolutely must do to protect your business, your employees, and your customers.

5 Digital Policy Initiatives to Start Right Now

1. Take Privacy Seriously and Know Which Privacy Regulations You’re Required to Meet.

Laws and regulations regarding online privacy vary by country, state, and even industry, as do the penalties, which tend to be significant. Here are just a few examples:

2. The General Data Privacy Regulation (GDPR)

The GDPR is an EU law that went into effect in May of 2018. It seeks to protect the private data of EU citizens by addressing how companies collect and use data as well as the security of how that data is stored.

What many U.S. companies don’t realize is that jurisdiction is determined by the citizenship of the individual, not the physical location of the company. So any American business that collects, processes, or stores data on customers with EU citizenship is obligated to comply with GDPR requirements.

3. The California Consumer Privacy Act (CCPA)

The California legislature passed the CCPA in June of 2018, shortly after the GDPR went into effect. It’s quite similar in its bias toward consumer privacy and its potential impact on businesses. And, as the GDPR extends beyond the EU’s boundaries, the CCPA extends beyond California’s state lines. So you can’t assume you get a free pass just because you’re not physically located in California.

However, while there are many similarities between the two laws, there are also a number of technical differences. Resources like this can help you achieve compliance with both laws (if necessary) with a minimum of redundancy.

4. Brazil General Data Protection Law (LGPD)

The LGPD is Brazil’s data protection law, which will go into effect in 2020. The LGPD isn’t quite as comprehensive as the GDPR, but it does put similar emphasis on the concept that individuals, not businesses, own their data. It details both compliance requirements and penalties for noncompliance.

More countries are passing their own digital privacy laws all the time. In addition, certain industries, like finance and pharmaceuticals, have their own regulatory requirements.

5. Make a List of Action Steps

I recommend creating a spreadsheet that documents which laws/regulations apply to you, which countries they apply in, and what you need to do to become compliant.

One tip I like to share with my clients is to prioritize actions that satisfy more than one requirement at a time. (For example, both Russia and China prohibit transferring their citizens’ information outside of national borders, so deciding whether and how to establish a local service hub in those countries would take care of two things at once.)

Identify Your Priorities

If you’re starting from scratch, it would be almost impossible to do everything at once. Your best strategy would be to prioritize policy development based on:

  • Your level of activity in a particular country, industry, etc.
  • The current legal environment surrounding that policy: Is the government aggressively enforcing compliance? Are consumers filing class action lawsuits? In other words, how likely is it that your noncompliance will come to light?
  • What are the penalties for noncompliance? If you do get caught, can you withstand the repercussions? Or would you be at risk of going out of business?

Assign Responsibility

Once you’ve prioritized the policies you need to address first, assign responsibility and a deadline by which you’ll follow up.

Secure Your Fort from the Barbarians at the Door

Think you’re too small to be hacked? Unfortunately, you’re wrong: 43% of cyber attacks target small businesses. And it’s a bigger deal than you might think:

  • 60% of small businesses shut their doors within 6 months of a cyber attack.
  • Cyber attacks cost these companies almost $900,000 in damages or theft of IT assets.
  • Small businesses lost nearly $1 million due to the disruption of normal operations.

Despite plenty of statistics that prove the barbarians are indeed at the door, barely half of small businesses dedicate budget resources to risk mitigation. But increasing your security would probably cost less than you think, and it would certainly cost less than a major breach. Here are some effective, relatively low-cost steps you can take right now:

Develop Strict Policies for Internal Security

A whopping 87% of small businesses have no data security policies for their employees:

  • Many small businesses don’t have an employee password policy that addresses things like the characteristics that make a password secure, how often it should be changed, the importance of not writing it down or sharing it with anyone, etc. And, of those that do have a password policy, only 35% strictly enforce it.
  • Only 31% install regular software upgrades.
  • Only 22% encrypt their databases.

Common practices like bring-your-own-device (BYOD) don’t help. And then you have “low-tech” risks, like not restricting physical access to servers that store sensitive information.

This is also an easy and relatively cheap problem to fix. There are plenty of online resources for best practices regarding employee data security. Find the ones that make the most sense for your company, document them in a digital policy (including the consequences for not following the policy), and implement it. If employees don’t take the policy seriously at first, you may have to consistently enforce the consequences until they do.
