Data Breaches: A Big Risk for Small Businesses
As they see large retailer names splashed across headlines, many small-to-medium size businesses (SMBs) owners are left with the false sense that their companies are too small to be victim of a breach. And this can’t be further from the truth.
But as Michael Bruemmer, Vice President Experian Data Breach Resolution, points out small businesses can be a particularly attractive target to hackers as many of them often lack resources to manage cybersecurity.
He believes this is especially trued during the holiday shopping season, cybersecurity should be top of mind for businesses.
Owners and managers know a cybersecurity incident can be devastating to a business, whether the attack cleans out a business’ bank account or steals customers’ personally identifiable information. Breached companies may lose customers and will spend a great deal of time and money recovering from damage done to their reputation. Over a two year timespan following a breach, U.S. companies pay an average of $5.85 million per breach.
While all businesses must be prepared to face a data breach, it’s most important for small businesses as the financial and reputation damage of a breach can be even more devastating. To be prepared, SMBs should:
Make data security a priority.Many companies that no longer existence today failed to realize the urgency security vulnerabilities posed for their company. This is a top to bottom company-wide concern so make sure management and employees understand the topic and are able to implement determined security precautions.
Conduct a risk assessment. Consider what cybercriminals most likely want to steal – for example, customer credit card numbers or business’ banking account. Once the situations are evaluated, establishing security objectives and metrics can help determine the effectiveness of security program goals.
Develop an incident response plan. Preventing a breach is only part of the strategy. SMBs must have a plan in place to address how they will handle a breach if, and when, one occurs. According to the Ponemon Institute, investing time in developing a security and incident response plan can save a business nearly 25% of the cost of a data breach.
Consider buying cyber insurance. A good cyber insurance policy can help improve a business’s level of precautions and can help facilitate recovery if something happens. Sixty-two percent of companiessurveyed by the Ponemon Institute that have a cyber insurance policy reported that just the process of evaluating cyber insurance improved their cybersecurity preparedness and readiness.
It is necessary to take steps to address the issue of cybersecurity, preferably before it affects a business and their customers. Never underestimate the importance of protecting sensitive data, because in this digital age a company’s cybersecurity plan could be the one thing that keeps it in business.
Michael Bruemmer, CHC, CIPP/US, is Vice President with the Experian® Data Breach Resolution group with more than 25 years in the industry.