Do you know your cybersecurity obligations under WA state law?

Do you know your cybersecurity obligations under WA state law?

Cybersecurity attacks are becoming steadily more frequent and more sophisticated. The question becomes not if your business will experience a cybersecurity breach, but when. The COVID-19 pandemic has created a range of new opportunities for hackers looking to capitalize on remote workers and reduced security, prompting 70% of organizations to increase their cybersecurity spending. The best way to ward off cybersecurity breaches is with continually monitored data backups, but company data can still end up ransomed.

What WAC means for your business

Washington Administrative Code (WAC) requires companies to notify their clients of security breaches if their data has been compromised.

“Any person or business that conducts business in this state and that owns or licenses data that includes personal information shall disclose any breach of the security of the system to any resident of this state whose personal information was, or is reasonably believed to have been, acquired by an unauthorized person and the personal information was not secured.” - RCW 19.255.010

Sixty percent of businesses that fall victim to a cyberattack go out of business within 6 months due to loss of clients, data, and revenue. Having a business continuity recovery plan in place for potential cybersecurity attacks is essential to surviving such an event successfully.

The Tech Mafia difference

In addition to minimizing security breaches, having encrypted data means that even if your data gets ransomed, your liability is significantly minimized. You’ll be back up and running with data backups and the encryption on ransomed files can negate the need to inform clients of the breach. These two factors can save months of recovery time and tens of thousands of dollars.

“Notice is not required if the breach of the security of the system is not reasonably likely to subject consumers to a risk of harm. The breach of secured personal information must be disclosed if the information acquired and accessed is not secured during a security breach or if the confidential process, encryption key, or other means to decipher the secured information was acquired by an unauthorized person.” - RCW 19.255.010

When was your last security audit?

Tech Mafia can perform a Cyber Security Audit of your business to identify weaknesses in your security and data backups. We also monitor the dark web to see if you have any passwords or other data exposed. While we can do an assessment of your current status, effective cybersecurity requires continual monitoring and updating as new threats appear. That’s why all of our cybersecurity services are managed service packages that include continual monitoring. We are your company’s IT department, monitoring remotely, there when you need us. Call today to get started!

Read the full Washington State Legislature 19.255.010