Evolving Role of Data Privacy in SMBs

This webinar was held on July 6, 2023 via Zoom. 

This webinar takes a business perspective, primarily on the operational side, rather than a technical one. It is presented in a dialogue format.

Wayne Roye is a CEO and business owner who came from the technology field. His main goal in giving this series of webinars is to give back to the community and bring value, as he had received in the past.

Aileda Lindal came from Artisans Integrity Management, a medical consulting and billing company in New York City. She came from an operations background. She is passionate about healthcare operations because it is ultimately the people business. She emphasizes the importance of having good partners with you.

Current Landscape of Data Privacy in SMBs

We have transitioned from using paper to learning new software systems and figuring out how to use them efficiently. Digitization caused the evolution of data privacy. At first, it only involved paper and the building where it was stored. Now, there’s the adoption of processes such as uploading, encryption, and downloading, among others.

Around 2010, the big thing was social media. Now, the main concern is the sharing of personal information. This isn’t simply personal information, but the kind that may affect an entire company.

Challenges of Data Privacy in SMBs

Retaining personal data of clients. For things like hiring and the liabilities of collection, you can actually hire a company to do it for you or use an AI to do these background checks and validations for you. Now, you are not liable for that data because you are not retaining or collecting it. You are using a third party to do that, which minimizes your risk.

Scams. How can people detect those? How do you know what to click and what not to? In practice, there are a multitude of ways in which these scams are perpetrated. You cannot just rely on a class or seminar you conduct once a year; you have to put processes in place to make sure these steps are being implemented. There are key things to pay attention to, such as state and federal rules, so you must have a partner who specializes in that kind of stuff.

Benefits of Proper Implementation of Data Privacy in SMBs

Organizational structure

The more tight and efficient your system is, the better it is for everyone. 

When you have team synergy and people are trained, it is inevitable that the gaps in your flow will be limited. You become a good operational force. 

A team is not people talking and gossiping with each other while they are working – this is not being a team player and this is not what a team is about.

A team is a group of people on the same page who come to work everyday, and work with love, with fun, and with efficiency. In this environment, your ability to serve well is heightened and there is a magnitude of benefits to this. 

Better employee care means better customer support

This translates to better customer support – the staff is more aware, happier, more loyal, and pleased.

“Your internal team is your internal client” – I will say this to any CEO and owner. 

When you cut your retention, you will save huge amounts of money. If you’re training in your organization, and you have a heavy fallout or heavy rotation, it goes back to the training pieces or onboarding component.

There are key things that should be trained on at least quarterly. And you should have the “train the trainer” position within any organization. Meaning, you must always have somebody who has the capability to train.

You can’t have it all falling on that person – like if that person goes on vacation, or falls ill, and now all of a sudden there’s no training done for a certain amount of time, and your team never gets trained. This should not be happening in an organization; otherwise, you will have no efficiency. You must have efficient “no-gap” scenarios and you absolutely should have any kind of client care.

The bottom line is, you are showing that you care. You have retention and growth if the organization shows that they care for their employees and customers. Some of the problems we have in the industry are that people feel that a lot of companies don’t care.

Getting the employees in alignment, making them happier, and keeping their retention, now translates into your customers. They say, “happy wife, happy life” which could also mean “happy employee, happy customer.”

Best practices for Ensuring Data Privacy in your SMB

The primary motivation should not be for the sake of compliance, but doing so for the best of your organization. Don’t look at it on a regulation side, look at it on what is best for your business, your employees, and your vendors.

Even if you’re not doing everything right, and sometimes there are a lot of pressures on owners because they come into this business as doctors or medical professionals, and they are not all in on business comprehension or things of that nature. 

This is where the importance of a team comes together – supporting each other. 

Like everybody has to come together for the information, you access it, and use it wisely to be able to work together cohesively and help each other.

Confidential agreements

Make confidential agreements with all your employees and vendors that you work with. It merely says, “keep anything private, private”, and “that they are supposed to be quiet about things that need to be kept private.”

If something happens and you have to go to court because one of your people breaches that, then you can present something and say, “we have this confidential agreement, and I am not primarily liable.” I am not a lawyer but this is what confidential agreements are supposed to be about – implementing simple things like firewalls and encryption.


For encryption, you have two things: (1) data in motion (e.g. email); and (2) data at rest, such as data on a computer or device (e.g. a PDF on a laptop). Encryption is putting a code on the data so that if someone steals that device or an unauthorized person opens that email, if they don’t know the proper code, they can’t see that data.

Employee Training

  1. It makes employees feel more empowered because they see you are investing in them, you believe in them, and you have a path for them to grow.
  2. It gives you an avenue to teach them the proper way to deal with things.

Multi-Factor Authentication (MFA)

If you don’t have MFA now in 2023 and something happens, you’re in big trouble because it is being mandated across the board.

For example, in cyber insurance, just to get it, you should have MFA.

If there are issues, you should have MFA in place. It means that you not only have a password, you have a second piece of information to validate who you are.

I bet that for most people on this call, if I do a deep enough search, I guarantee that I can find passwords that do not belong to you, passwords that are not secure enough.

MFA minimizes the risk if somebody has your password.

Secure Backup and Disaster Recovery Plan

I, Aileda, recently went through this scenario with LinkedIn, where I wrote an article. The interesting thing is that when I published the article, I turned around and logged back in as per usual and I couldn’t get in.

I have a 17-year history with LinkedIn and this taught me a lot about platform data.

Then, I was required to upload a photo ID, which is very obtrusive to me. Now, I am stuck in their system, and I can’t break through to anybody.

This is where the support piece comes into play and having good people.

Also, I have to get grounded that 17 years of my career history that’s been built on a platform that now I just can’t access. And so, these are the kinds of things that I have to deal with.

Platforms continue to evolve and increase their data. We live in an ever-changing world of data and compliance right now. People are trying to implement it as fast as they can.

One thing I learned from Wayne is to keep everything on one platform – which practices should also know. This makes things more manageable and keeps everything safer.

I, Wayne, asked Aileda whether, in the 17 years that she was using LinkedIn, it crossed her mind at any time that, “I should have a backup.” Aileda then said, No!

This is why backup is important. How many things are we taking for granted, assuming they are going to be there? But when something happens, what do you do? And that’s why a disaster recovery plan is very important. Most companies take it for granted and just say, “my IT company is backing it up.”

Well, how do you know? How do you know what they’re backing up? How long will that take? How do you know the timeframe in which they are going to get your data back? Within an hour? A day? A week? Within a year?

Having good partners

Having good partners and systems ensures that you have more control and accessibility to the things that you need. The benefit of having a good team around you is that you will know what you don’t know. Here, you will get professionals that understand what you need to do.

Ongoing security assessments

These tell you where the gaps are, where data is, and how you can get to this data. These assessments will tell you how a hacker might get to your system.

Data breach plan

What do you do if something happens? Most people don’t know. They only have it in their head. Businesses can’t afford it. 

A plan is a written document that says, before it happens: who do I need to call? Who do I need to inform? What actions do I need to take? It’s an internal organization decision. IT may be a part of that process but IT is not the solution to that process.

My recommendation is to get on the phone, reach out to your software company, and find out what the contact information is for a situation like that. Find who that person is, and make a direct communication in the event that something goes wrong.

Data breach response

When a data breach happens, you have to get through a software company’s internal mechanisms, and the worst thing is you get to a department, and you have to back out, and get into something else again. You can’t afford that in a data breach.

When you do get through to that person, you should not let that person get off the phone until your system is completely back in place.

Don’t let that get passed off to another customer service representative. Sometimes you have to be ready to educate other people’s employees on this scenario and make sure you are seeing it all the way through.

You have to insist that you have that partnership with the other side.

Last tips

  • Have good partners. Have good partners. Because people specialize for a reason.
  • Your network assessment is your first step. It evaluates the gaps you have in terms of cyber security. It helps you deal with data privacy in your company.
  • Have quarterly audits where you run your organization through these things. These assessments do not only involve your tech/IT team but your whole team.

Troinet | 1412 Richmond Road, Staten Island, NY 10304 | Tel.: 718-761-2780