Datalyst Blog
Data Breaches are Targeting Massachusetts Businesses; Are You Prepared?
Let me ask you something: how much do you think that data breaches have increased in Massachusetts in the past decade? 20 percent? 30 percent? Maybe even 60 percent?
Nope—they’ve doubled. They’ve doubled despite stricter policies for businesses that suffer from data breaches. They’ve doubled despite the fact that more and more businesses are required to meet certain levels of protection and compliance regulations. This makes it all the more important that you are prepared to prevent these kinds of breaches.
What is Massachusetts Facing in Terms of Cybersecurity?
Cybersecurity experts in the state have gone on the record to say that hackers are using more sophisticated attacks to acquire the sensitive information they seek. Considering how much the residents of Massachusetts lost in 2020 to cybercrime (nearly $100 million), and how remote work has left many companies that did not properly prepare exposed to threats, security needs to be taken a lot more seriously.
State data shows that more than 1,000 incidents have been reported this year, impacting 846,000 people and counting. More than half of these breaches saw Social Security numbers accessed by hackers.
It is also important to acknowledge that, this year, just 10 data breaches account for more than 80% of impacted Massachusetts users, the largest of which affected 192,000 or so residents of the state.
Furthermore, businesses aren’t the only targets of these attacks. Towns and government bodies are also commonly put in the crosshairs—like the town of Fairhaven was back in May, in a breach that impacted over 21,000 people.
Is Your Business Abiding By Massachusetts’ Data Breach Laws?
There are a few laws that all Massachusetts businesses need to abide by to ensure that they aren’t putting their data at risk. These laws include:
Massachusetts 201 CMR 17/Mass Data Protection Law
First coming into effect in 2010, the Mass Data Protection Law requires that any business that stores or uses the personally identifiable information (PII) of a Massachusetts resident have a written and regularly reviewed plan to protect it based on risk. It also requires that all of this collected PII be encrypted while on portable devices and that a business collect only what it needs for its purpose, and it establishes various security requirements for your IT infrastructure, amongst other things.
Massachusetts Bill H.4806
This law, effective as of April 2019, dictates how any company that does business in Massachusetts is able to operate when it comes to delivering data breach notifications. Specifically, any parent company of the breached entity needs to be disclosed, along with plenty of other information, including the person responsible for the breach, the company’s contact information, and the type of information compromised.
When Was Your Last Cybersecurity Audit?
If you want to prepare your business’ cybersecurity for the threats it will likely face today, it is important to know where you currently stand. Reach out to us for a comprehensive cybersecurity audit. Even if you’re currently working with another IT or cybersecurity company, a second look can never hurt. Give us a call at (774) 213-9701 today.