By Janice Miller
The cost of data breaches is higher for small businesses than large ones. Not only do small businesses have to weather the initial expense of a data breach — an average of $120,000 per incident, according to Kaspersky — they also have to recover from the massive reputation hit that a data breach causes.
The bad news only gets worse for small business owners, because their companies are a popular target for cyber attacks. The Ponemon Institute’s 2018 State of Cybersecurity in Small and Medium Size Businesses report found that 67% of small businesses experienced a cyber attack in the past 12 months and 58% of small businesses experienced a data breach in the past 12 months.
Where Are Data Breaches Coming From?
Most data breaches come from outside sources — organized crime is the most common perpetrator, representing 50% of data breaches. Another 12% are orchestrated by state-affiliated agents, while a whopping 28% of data breaches come from “insider threats.” While a scorned former employee can be behind a data breach, more often insider threats arise from carelessness: employees who use weak, poorly protected passwords or open email attachments containing malware are the primary drivers of insider breaches.
How Can Small Businesses Prevent Data Breaches?
Don’t wait for a data breach to happen to start thinking about cybersecurity for your business. These are the steps that every small business owner should take to prevent a data breach from hitting their company:
Screen employees. When you’re handling sensitive data, employees need to be more than trustworthy. Your employees need a solid understanding of cybersecurity best practices. Improve your employee screening practices and know the right interview questions to ask to assess their security-savviness.
Install antivirus software and firewalls. This one should be a given for anyone operating a computer in 2019. Purchasing antivirus software with built-in firewall protection is an easy way for small businesses to get basic network security up and running.
Back up your files. In the event that a data breach does occur, you’ll need file back-ups to avoid losing everything. Follow the 3-2-1 rule for backing up your data.
Choose your e-commerce platform wisely. Don’t expose customers to identity theft. If you’re doing e-commerce, use SSL encryption and choose a payment processor that’s PCI compliant.
Create an incident response plan. An incident response plan tells your staff what to do in a data breach so they don’t panic and make things worse. Find a detailed guide to making an incident response plan here.
What to Do if Your Small Business Experiences a Data Breach
If your small business suffers a data breach, you’ll need to act quickly. These are the first steps to take when your data is under attack:
Contain the breach. Stop a data breach from getting worse by taking affected systems offline.
Investigate the data breach. Your next step is to figure out where the data breach came from and how deep it goes. If you don’t have an IT team trained in handling data breaches, you’ll need to contract with a digital forensics team like Secure Forensics. These digital specialists can identify the source and scope of a data breach in order to contain it as soon as possible.
Report the breach. State laws dictate which agencies you must notify of a data breach. Find your state’s data breach laws at TechInsurance.
Inform your customers. Notifying customers is the hardest part of a data breach, but you have to do it. Get ready by preparing information for your website and social media and increasing your staffing to handle the call volume. A great PR team is your best resource here.
Don’t fall into the trap of thinking that data security is something only big businesses need to think about. As a small business owner, you’re just as responsible for protecting your customers’ data — and your own — as a multinational corporation. If you’re among the 73% of small business owners who aren’t taking adequate steps to protect against data breaches, it’s time to start getting your data protection policy in place.
About Janice Miller
Janice Miller has always been an advocate for ensuring safety. It started in the community, in a physical neighborhood, but the more she engaged online, the more she saw that there was a need to ensure safety on the Internet as well.