It might seem like the bigger that target the better, but that’s not the case when it comes to data breaches. Running a small business is not a defense against data loss and fraud. The data that can be stolen from small businesses is just as valuable as that of large corporations; larger organizations just have a lot more of it. Less data doesn’t make you a less desirable target, and it might even make you a more desirable one if you don’t have the right security measures in place.
Small business data breaches are common
A recent study shows that 55% of small businesses have had a data breach. These small business data breaches do not necessarily stop at one attack, in fact, few do. Fifty-three percent of small businesses have had more than one data breach.
Data breaches can be hard to detect
Cybercriminals are sophisticated and they never stop innovating. There are many ways to suffer a data breach. An employee losing a laptop is bad news, but at least it can be reported immediately. Without proper monitoring, and sometimes even with it, data breaches can take months to detect. Hackers don’t always use data fraudulently right away; they may sit on it for months or sell it to someone else who sits on it for months. It’s imperative to catch the breach quickly to prevent damage, but that is not an easy task.
Data breaches are expensive
Even a large corporation like Target takes a financial hit when they suffer a data breach. Unlike many small companies, though, Target can afford to take that hit and stay in business. Depending on how many records are compromised, the cost of breaches goes up, easily into the thousands of dollars. Many small businesses don’t have the financial resources to recover.
Small businesses are doing it wrong
A study by the National Cyber Security Alliance/Symantic Small Business revealed that although 73% of small businesses believe a safe and trusted internet is critical to their success, most don’t have the policies to back that up. As many as 87% don’t have a formal policy for protecting data online and 67% don’t even have an internet security policy. It’s no wonder that small businesses are prime targets for cybercriminals.
What small businesses can do to protect against data breaches
There are a number of ways that small business can and should protect themselves from data breaches from insurance to monitoring to educating employees. Here are a few things your small business should consider doing to protect data right away:
- Invest in security technology – Ask information security professionals what level of security your data requires and invest in the most strategic tools to protect it.
- Infosec awareness programs – Educate your employees on how to handle sensitive information!
- Destroy documents – When you no longer need your paper files, shred them. Wipe hard drives on any devices no longer in use. Disposing of data properly helps keep it out of fraudsters hands after you’re no longer thinking about it.
- Monitor your devices – If a laptop goes missing, you need to know about it right away. Consider adding automatic locking to mobile devices when they are not in use.
- Think of the people – Screen new hires to make sure you can trust them with your data. The insider threat is alive and well. Don’t invite trouble into your organization and pay it to be there.
Small businesses, like any others, have a finite amount of resources. That means many aren’t equipped to handle the backlash of a data breach. Understanding and prioritizing security measures to prevent, detect and respond to data breaches will help to mitigate the risk of going under after a breach. Business owners need to recognize that their data is valuable to cybercriminals, and it needs to be protected.