Here are some scary facts for small business owners: Data breaches are at an
all-time high with no sign of slowing down. More than half of all data breaches target small and medium-sized businesses, and among the small businesses that are hit,
60 percent close up shop within six months. That’s because a single data breach can cost a small business tens of thousands of dollars and 20 percent of its customer base, something few small businesses recover from.
So what’s a small business owner to do? Here’s what you need to know about data breaches and your small business.
What is a data breach?
A data breach is when data is exposed without authorization. Data breaches put a company’s essential data at risk and expose customers to fraud and identity theft. A data breach could mean getting hacked, downloading malware, or simply losing a device with sensitive information. No matter the type, data breaches are a serious threat to small businesses.
What forms do data breaches take?
Chief Executive identifies these types of data breaches:
?
Computer intrusion.This includes phishing attacks, malware, skimming, and other acts that fall under the umbrella of “hacking.”
?
Insider threats.Insider threats happen when a rogue employee intentionally compromises sensitive data.
?
Lost or stolen data and devices.When devices with company data are lost or stolen, sensitive data is exposed.
?
Employee error.It only takes one occurrence of emailing sensitive information to the wrong person, clicking on a suspicious link, or using a weak password to compromise a business’ data.
?
Internet exposure.Cloud storage is convenient, but without proper security measures, it’s also
risky.
?
Unauthorized access.Weak admin controls or employees sharing passwords with someone they shouldn’t are two of the ways unauthorized access can threaten a company’s data.
How should small businesses respond to data breaches?
If a small business is going to recover from a data breach, a timely and thorough response is key. Laws govern how a business must respond to a data breach. Specific rules vary by state, but in general, small businesses must notify customers within an established timeframe. Some states also require businesses to notify the authorities of a data breach.
Tech Insurance has a helpful page for locating data breach laws in your state.
Beyond legal obligations, small business owners also need to take steps to contain and stop a data breach. This is where many small businesses run into obstacles, as not every business has a dedicated IT team, let alone one properly trained in cybersecurity. In the absence of a qualified IT staff, small businesses should hire a digital forensics team such as
Secure Forensics to contain the damage and identify where the data breach came from.
The public relations side of a data breach can’t be neglected. If you want to minimize customer loss following a data breach, it’s worth investing in damage control from a professional PR team. When it comes to informing customers of a breach and supporting them in preventing identity theft, the
right approach can make or break your business’s future.
What are the best practices to prevent a data breach?
Whether you’re recovering from a recent data breach or trying to prevent a data breach from hitting your business, these are the steps to take:
1. Stop storing
unnecessary data. The less data you have on hand, the less data that can be compromised. If you don’t need it, don’t store it.
2. Update your security practices: Firewalls, antivirus protection, encryption, and endpoint detection are the must-have
security solutions for small businesses, BizTech reports. If your business doesn’t already have these in place, it’s time to make the investment.
3. Train your employees. An
alarming number of data breaches arise from employee errors. Training employees in password management and phishing identification is one of the most cost-effective ways small businesses can prevent data breaches.
4. Examine your hiring practices. If a data breach started with a malicious employee, it’s worth revisiting how your business screens job applicants.
Data protection is something small businesses need to take seriously if they want to stay in business for the long term. Unfortunately, many small businesses aren’t taking the right steps to protect against data breaches. While it can seem costly to invest in IT security, failing to prevent a data breach costs small businesses far more.
