The Ohio Data Protection Act And The Impact On Business In Canton & Akron
Cyberattacks have been on the rise across the nation. For many small and medium businesses, a massive cyberattack, and the associated losses, can spell disaster. Not only do breached businesses face the immediate cost of the breach, including data loss and lost customers, they may also face an extra challenge as customers become aware of the breach: court judgments and litigations from customers, vendors, and partners impacted by the breach.
Now, the Ohio Data Protection Act aims to provide a level of protection: a safe harbor for those businesses that meet a clear set of cybersecurity standards.
What Does the Ohio Data Protection Act Include?
The Ohio Data Protection Act establishes that businesses that meet minimum cybersecurity standards, depending on the size of the business, have legal protection against claims that may arise following a cybersecurity breach.
Breaches can occur to any business. 76% of US businesses suffered a cyberattack last year. For many of those businesses, the damage proved catastrophic–and the breach reflected the actions of determined hackers, not a failing on the part of most of those businesses.
The Ohio Data Protection Act does not establish minimum standards that businesses must meet in order to continue operation. Instead, it provides incentive for businesses that are willing to take their security standards to the next level. This law is the first in the country to offer incentives for companies who increase their cybersecurity protections, rather than creating penalties for businesses who fail to achieve those goals.
The Ohio Data Protection Act Requires “Reasonable Conformance” to One of These Cybersecurity Standards
The Ohio Data Protection Act requires that businesses who want to receive those legal protections conform to basic cybersecurity standards, based on the company’s size and complexity, the activities it engages in regularly during the course of business, and the sensitivity of the personal information collected and maintained by the company. It also takes a look at the resources the company has available and the company’s access, both financially and otherwise, to the tools needed to purchase and maintain those cybersecurity standards.
Reasonable compliance standards, according to the Ohio Data Protection Act, include:
- The NIST Cybersecurity Framework
- The FedRAMP Security Assessment Framework
- The Center for Internet Security’s Critical Security Controls for Effective Cyber Defense
- ISO/IEC Information Security Management Systems Standards
- Payment Card Industry’s Data Security Standards, if you accept payment cards
What Does the Ohio Data Protection Act Mean for Your Canton and Akron Business?
If you have a business in Ohio, the Ohio Data Protection Act may mean several important things for your business. First, it’s a call to action: a vital point of awareness of the rising cybersecurity threat across the nation. In the wake of massive cyberattacks in recent days, including the Colonial Pipeline attack, people are becoming more aware than ever of the various challenges and potential concerns associated with virtual threats.
Are you prepared to protect your business?
1. You need to do more than just meeting minimum compliance standards.
Many businesses that deal with customer payments on a regular basis focus on maintaining minimum PCI (Payment Card Industry) compliance standards alone. You know that your business may face considerable penalties if you do not meet those standards, so you endeavor to meet them if at all possible. These recent cyberattacks, and the rise in cyber crime this year, however, show that minimum compliance standards are no longer enough. It often takes time for those compliance standards to change to reflect the latest change in the industry. Your business needs to be prepared to go above and beyond in order to achieve higher levels of protection.
2. You need a plan of action that will help prepare your business for the possibility of a cyberattack.
Your business will, at some point, face a cyberattack. Many hackers now choose to target small and medium businesses because they often lack the robust security standards held by larger businesses. Others prefer to target big businesses because of the wealth of data they can uncover–not to mention the greater resources those companies often have.
The Ohio Data Protection Act does not seek to ensure that businesses are perfectly protected from cyberattacks–and in fact, in today’s modern society, with all its technological connections, it is almost impossible to completely protect a business. Instead, it establishes standards that will help providea vital level of protection for those businesses and keep them from facing financial ruin when they have done everything in their power to maintain a high level of security, but a hacker breaches their internal security anyway.
3. A security specialist can help improve your business’s overall security and put you in a better position to manage the challenges that may come your way.
Your employees are experts in your industry. You’re great at what you do. Chances are, however, that your focus is not cybersecurity. You may find yourself overwhelmed by the options presented in the Ohio Data Protection Act and the various standards you need to meet in order to comply with the act–and that may leave you unsure of what to do next. A cybersecurity specialist will understand the various options available to Ohio business owners and how those options fit with the tools and resources available to your business. They can then provide you with effective recommendations about how to best meet those standards and achieve your overall goals while providing the best possible layer of protection to your data–and your clients.
Canton & Akron Technology Solutions From Rea & Associates
Do you need to improve your cybersecurity standards? Do you have questions about whether your business meets the standards rewarded by the Ohio Data Protection Act? At Rea & Associates, we help our clients manage their cybersecurity solutions and provide them with the information necessary to go beyond basic compliance to meet more robust, highly effective standards of cybersecurity. Contact us today to learn more about how you can help your business meet the Ohio Data Protection Act’s standards and protect your business from the potential legal ramifications of a cyberattack.