Protect Your Business from a Data Security Breach
by Anthony Sills
Is your business in danger of a data security breach? Small businesses don't have the resources of big companies but are just as exposed to a potential data breach. Learn how to protect your business with these tips.
Image source: Photospin.com
One of the fastest growing threats to your business may be lurking right under your nose. The worst part is that if you’re like most business owners, you’re not prepared to deal with it.
The threat? Data security.
Data breaches are occurring more frequently--there’s been a 12% year-to-year increase in security events--and it seems we hear about new data breaches almost daily. An IBM Security report indicates there were 1.5 million monitored cyber attacks in the United States alone during 2013. With big companies like Home Depot, Adobe Systems, Sony, Citigroup, Target, Facebook, Evernote, and the New York Times falling victim to cyber attacks, many small business owners are panic stricken by the idea that the same thing could happen to them. And rightly so.
Small businesses owners don't have the resources of the big companies but they are just as exposed to a potential data breach. According to the Verizon 2012 Data Breach Investigation Report (DBIR) more than 70 % of the businesses in the study that were breached had fewer than 100 employees. Those breaches result in huge losses. Trend Micro found that, “cybercriminals steal as much as $1 billion a year from SMBs in the United States and Europe, alone.”
How can a data leak affect your business?
- Damage to reputation/brand--If your company is the victim of a cyberattack, it can cost you much more than money. Imagine all the trust and goodwill you spent years building between your company and your suppliers, customers, and employees vanishing in the blink of an eye.
- Lost revenue--Research sponsored by IBM indicates that on average a data breach costs a company $3.5 million, up 15% from last year. Revenue from lost customers and fewer sales due to declining customer loyalty is typical following a serious security incident. You may be responsible for reimbursement to customers. In fact, if even one employee loses a laptop, you’ll feel the pain. According to a Ponemon Institute study, the average value of a lost laptop is an astonishing $49,246.
- Potential liability--In response to the rash of major data breaches lawmakers are scrambling to put stronger measures in place to protect consumers. If you fail to safeguard sensitive information you could put yourself at risk for expensive lawsuits. When NetDiligence looked at actual cyber liability insurance claims as part of their third annual Cyber Liability & Data Breach Insurance Claims study they found that the average cost for legal defense was $574,984 and typical claims ranged from $25,000 to $400,000.
- Lost productivity--Data breaches and other security incidents cause serious losses in productivity. Consider some of the fallout from a data breach. There’s downtime. You may also have to recreate lost data from scratch, engage in PR activities, contact individuals affected by the breach, go through litigation, and many other time-consuming activities that will distract you from your main focus.
- Resolution may require outside help--Another pitfall caused by data breaches is small businesses lacking in-house IT expertise will likely have to depend on an outside entity to help them sort out their problems.
You may wonder why more entrepreneurs aren’t doing something about data security if it poses such a big threat to businesses.
Why aren’t business owners doing more?
There are three key reasons that businesses--small businesses, in particular--aren’t prepared for the devastating effects of a data breach.
So what can you do to keep a data security incident from crippling your business?
This is what you should do to protect your business
If you want to protect your business, you don’t need a massive war chest and a team of security experts. You will have to invest some time and effort to secure your business but you owe it to yourself to get started today.
- Get educated-- You’ve already taken the first step to protecting your business from a data breach by reading this article. Continue to seek out the latest factual information about data security incidents and how to best protect your business. You can start with this practical guide to IT security for small businesses.
- Make your business PCI compliant. If your company processes, stores, or transmits credit card information, you need to be sure your operation is compliant with Payment Card Industry Data Security Standards (PCI DSS). Failure to be in compliance could lead to stiff fines and penalties if you are breached.
- Get clear on what data you have and where it’s located--Most companies store data in a variety of locations. But leading security experts’ top concern is not knowing the location of sensitive or private data. 80% of data within most businesses is what’s known as unstructured data. Unstructured data such as emails and documents lacks a pre-defined data model or isn't organized in a predefined manner. Shockingly, only 7% of companies who participated in a recent Ponemon Institute LLC research report know the location of all their sensitive unstructured data. Spend some time identifying sources of risk.
- Put systems in place to minimize risk and protect your business--Establish data protection policies and communicate them clearly to employees, strategic partners and customers. According to Trend Micro, “80% of organizations, regardless of size, believe managing and monitoring end-user privileges and entitlements is the most important security measure against data breaches.”
- Safeguard sensitive data--Take steps to protect confidential information. Data loss prevention software can block sensitive information being sent through email. Confidential business information should be encrypted or safeguarded by DLP technologies. Cisco offers a few tips for safeguarding customer data on their blog.
- Use layered security--Security experts recommend using many different tools and techniques. A great first layer you can add is anti-virus and anti-malware. Consider adding a well configured firewall. Restrict access to your data only to people you trust. Keep your software and patches up-to-date. You also want to physically secure your data and regularly backup all your data. Ideally, you want to put an automated backup and recovery strategy in place.
- Keep an eye on your inner circle--You can still be a victim of a data breach despite your best efforts if companies you do business with aren’t protected. Banking institutions, cloud storage providers, suppliers, even your employees can expose you to data leaks. Establish clear policies governing data shared with third party vendors, employees, and contractors. Employee negligence can also cause data leaks. Bring-Your-Own-Device (BYOD) necessitates protecting not only business technology but employees' personal devices.
- Have Incident Response Plan in place in case your company is breached--In the unfortunate event that your company is the target of a cyberattack you’ll be able to respond faster and much more effectively if you have a preexisting plan in place. Not having a plan can raise the already staggering cost of a data breach 10 to 15% higher. Don’t wait until disaster strikes to deal with your company’s data security.
Now that you’re armed with the basics, spend a few minutes auditing your business to determine what data you have and where it's located. Once you have a handle on that, you’ll be better prepared to come up with a plan to protect your business and the data it handles.
© 2014 Attard Communications, Inc. All Rights Reserved. May not be reproduced, reprinted or redistributed without written permission from Attard Communications, Inc.
Anthony Sills is a direct-response copywriter and content strategist on a mission to eliminate boring marketing. He's written copy for eBay, SEMrush, IBM, American Express, InfusionSoft and many exciting startups. You can always reach Anthony via social media or email.