Three Tips On How To Protect Your Business From Cybersecurity-Related Lawsuits

If you don't have a strong policy in place regarding internet use by employees and the handling of sensitive company information, you could be risking a lot of trouble. A weak or unclear policy can expose your company's private information to competitors or thieves, making your business, employees, distributors, and customers vulnerable to fraud and theft. It can also expose your business to lawsuits if your lax security ends up causing economic losses to others.

Here are some tips on how to boost your cybersecurity and protect your company against unnecessary lawsuits.

1. Have cybersecurity systems in place. 

Many people still don't realize how vulnerable any company computer that's connected to the internet actually can be. If you aren't up to the task of installing all the right software, hire an information technology (IT) consultant to do it for you. At a minimum, you need antivirus software, antispyware, a firewall with encryption, and a service set identifier (SSID) that will keep your Wi-Fi network hidden.

2. Have a written policy on employee security practices.

You need to have a written policy on how your employees are to handle internet security. Having a written policy, and making sure that each employee with internet access signs off on it to confirm that they understand both the company's expectations and the consequences of violating those expectations, can protect you if you need to either discipline or fire someone who doesn't comply. If you're ever sued over a cybersecurity problem, it also gives you something you can show the court to prove that you've been attentive to the issue all along.

The policy for your employees should include certain basics, no matter what type of business you run:

  • a guideline for handling personally identifiable information or company data when posting online
  • rules regarding the use of social media for personal use from company computers 
  • rules about internet shopping and browsing for personal use from company computers
  • employee responsibilities for any manual updates to security software, and for not pausing, delaying, or disabling any automatic updates
  • employee responsibilities for reporting any suspected breaches of security protocol, phishing scams, or other problems
  • requirements regarding the use of passwords by employees (changing them routinely, not using easily guessable ones like "password," and so on)
  • a policy that restricts physical access to any computers, laptops, or mobile devices that contain company data, including making sure that all unattended devices are locked so that they can't be accessed easily if stolen

3. Promptly notify the proper authorities and your employees, vendors, and clients of cybersecurity breaches or scams.

If your company is threatened by a cyber attack or your security is breached, don't keep the information to yourself. Make sure that you are forthright and transparent with your vendors or customers so that they can take additional steps to protect themselves if possible. 

Even something like a phishing scam, where someone impersonates your company, should be reported to the Federal Trade Commission and your customers right away, even though it isn't a breach of your company's security. A phishing scam can erode customer trust in your company, especially if customers don't understand how phishing scams work. They may blame your company even though you can't stop the scams. Customer education is also part of cybersecurity in today's business world.

For more advice on how to protect your company from lawsuits based on cybersecurity issues, talk to an attorney with experience in that area. For more information, visit a website like