How Small Businesses Can Avoid the Financial Pitfalls of Data Breaches
When it comes to concerns such as fraud or a data breach, what is the potential impact on your company? Some statistics indicate the average cost of a data breach currently comes in at $3.86 million, and that number is rising every year. Proper fortifications can help keep scoundrels at bay, but sometimes trouble comes from unexpected sources, like disgruntled employees or cleverly disguised emails, and virtually anyone can fall victim. Do you know what to do if an issue should occur?
Is this a real risk?
Cyber crime hits the news on nearly a daily basis, but we typically hear about big businesses. This might give you the impression that your small business is an unlikely target, and if that’s your line of thought, you aren’t alone. As CFO points out, some surveys show more than half of small business leaders feel their companies aren’t apt to be quarry for cyber criminals, but unfortunately, that’s not the case. In fact, the opposite is true. More and more, small businesses are selected by cyber thugs due to insufficient security. Both human complacency and poor technical choices can leave gaps in your defenses, and criminals are hunting for easy prey.
Fast action is everything
If your company should experience trouble, a speedy in-house response is your first step toward recovery. Shut down the actual equipment involved in the breach right off the bat. Then, before you can do anything further, you need to determine how much data was stolen and the nature of the lost data. One of the best ways to do this is by contacting a team of digital forensics specialists. Professionals like Secure Forensics can discern the extent of the breach and stop the spread of trouble. Digital forensics teams can also take things a step further, working to identify the source of the problem, find evidence necessary for prosecution, and help your company develop better security so the issue doesn’t recur.
Who do we need to notify?
When data breaches occur, there is often confusion surrounding the notifications companies must make to customers, employees, affected businesses, or patients. In some cases, law enforcement, the government, and the media must be notified. Who must be notified is determined in part by the nature of what information was stolen.
To give you an idea of how requirements vary with the type of data, stolen credit card information means you need to notify financial institutions as well as card holders. One suggestion is to review your PCI compliance as well, and you can use a checklist to do so. If personal health records are stolen, you must notify the individual, the Federal Trade Commission, and potentially the media. If Social Security numbers are stolen, you need to notify each of the individuals whose data was taken.
To complicate things further, each state has laws regarding data breaches and notifications, and some are more stringent than others. It’s important to note that your notification obligations are determined by where the affected individuals live, not by where your company is located. Therefore, if your business is based in Colorado, and a Social Security number belonging to a customer in New York is stolen, you need to check the laws in New York for compliance. You can use this handy chart from Perkins Coie to review laws in each state.
Protecting your company
There are actions you can take to raise your defenses against fraud and data breaches. Training your staff on password management and how to identify malware is a good start. Also examine your hardware choices, move to cloud storage if you haven’t already, and ensure your software is up to date with the latest security patches. Lastly, PCMag explains that cyber insurance is a good choice for many businesses, as it can help with financial recovery should a breach occur.
For small business owners, fraud and data breaches are serious threats. Strengthen your defenses and formulate a fast-action response plan should trouble occur. By being prepared, your company can survive the potential pitfalls of cyber crime.
By Lindsey W