Years ago there was a commercial for oil filters in which the spokesperson warned that you could pay him a few dollars for a filter or pay a mechanic later for an expensive repair. “Pay me now, or pay him (the mechanic) later,” he would say. The same could apply to your company’s investment in security. Just last week Yahoo learned it would need to pay $50M in damages for a massive 2013 breach that involved up to 3 billion users.
That’s a heck of a mistake and the company is paying a steep price. It should be a cautionary tale for every company to do whatever it can to protect its customers’ data. It turns out that failure could be costly.
I get that Yahoo was a huge company with a ridiculous number of users, and most readers of this post are not going to have to worry about scale like that, but you do have to worry about what it would be like to be involved in a similar incident. It would probably involve many fewer users and much less money, but there could still be consequences.
For starters, there’s your reputation. If people learn that you were lax with their data, that could be enough for them to abandon your company and stop buying your products and services. At the very least, it puts a blot on your record that can be hard to recover from. Your company name can get sullied all over social media, and contrary to the popular maxim, there is such a thing as bad publicity, especially for a small or medium-sized company.
Secondly, if security is lax for your customers, it’s probably not great for your employee data either. And that’s not good in a tight labor economy where good workers are hard to come by. Again, you don’t want to be the company that was fast and loose with employee or customer data.
It’s gonna cost you
Perhaps the biggest reason is the financial fallout that could result if a court found that your company had been less than vigilant with security, allowing hackers to steal data from your network. That could subject your company to steep fines. While it might not be $50 million, think about the impact of, say, a $50,000 fine on your company’s bottom line. You can probably absorb that less easily than a large company can absorb $50 million.
That’s why it’s imperative that you put safeguards in place to protect data to the extent possible. Everyone (including judges) knows that there is no such thing as being locked down in this day and age. But, there is a difference between doing nothing or very little and putting sensible safeguards in place that show that you are making every effort to be safe and secure.
If you can do that much, you might be able to prove you did what you could, and the hackers were simply smarter. But if you don’t do anything, you’re like the guy with an old oil filter. You can pay now or you can pay later. Pick your poison.
Photo: Ken Wolter / Shutterstock.