GRAND RAPIDS, Mich. -- Data breaches continue to cause problems for major companies and that puts millions of people's information at risk.
Small businesses in West Michigan are working to take precaution. Hundreds of business leaders gathered inside the Amway Grand Hotel Wednesday morning for the Cyber Security Conference to learn how to protect themselves from online hackers and phishing scams.
Attorney Jennifer Puplava said, "Facebook just got hit with a $5 billion penalty by the FTC because of the privacy breaches, and they're undergoing a revamp of all their privacy protocols."
"That's a really big company and a really big number, but small businesses could also be on the hook along those same lines on a smaller scale," she explained.
The attorney with Mika Meyers PLC said, "Every business has different kinds of sensitive information they collect. I mean, we're a law firm so we collect sensitive information about our clients. We also have sensitive information about our employees."
She says there's also the sharing of that sensitive information with vendors, and it's all the more reason cyber security experts recommend small business owners educate themselves and their employees on liabilities in the digital world.
"The standard that's developing is that if a business doesn't take reasonable security measures to help protect their sensitive information then they can become subject to a lawsuit for negligence or for breach of duty," Puplava explained.
If that does happen, she says proof of having made an honest effort to prevent an attack can help you in court.
Jim Carpp, the chief digital officer at accounting firm Rehmann said, "A lot of smaller organizations will say, 'I'm not really a target because I'm small.' Well actually, (hackers have) migrated from the large organizations to the smaller ones because they can get in and get out very quickly."
He says Rehmann is hired by small businesses to phish and send fake emails to see if employees take the bait and give up sensitive information.
"And there isn't a week that goes by that we don't actually capture somebody and be able to compromise them," Carpp explained.
As a solution, he says there should be less focus on tools and technology and more focus placed on training employees to avoid and report mistakes.
Puplava said, "Any business that is more than a business of one (person) is going to need to start paying attention to these issues."