Yahoo Breach and Data/Information Security

The massive breach of accounts at Yahoo revealed on September 22, 2016, brings several thoughts to mind:

• The purchase of Yahoo by Verizon Wireless has not yet closed. Any companies undergoing diligence on the M&A front should account for this kind of issue (Yahoo's breach occurred several years ago) as part of the value and process of the transaction.

• Anyone can get hit. Yahoo is a juicy target because it is so massive. Most small-company problems aren't due to targeting, though: they are due to internal actors. Sometimes it is negligence and sometimes it is malfeasance... but it is almost always employees who cause leaks and incidents. 
• Even a small incident causes business disruption and unnecessary cost. Finding ways to prevent or minimize issues before they happen is prudent for most companies.     
• Planning ahead for a problem is the best defense most companies can have, both practically speaking and as a legal matter. Training, awareness, and employee policies can go a long way toward sealing gaps, since many issues relate to human behavior rather than to hacking. Carrying a cyber policy can also be helpful.

An ounce of prevention is said to be worth a pound of cure. Not every incident can be prevented, especially malicious ones. Building in some prevention, however, is a priceless investment for most small companies. Your lawyer can help you sort through which measures make the most sense based on your company's size, resources, and risk profile.