Print   RSS

Securing Small Business Data in 2014

Don Amerman

March 19, 2014

While headlines and broadcast media focus on large-scale data breaches at major retailers and other large corporations, the attack on sensitive data held by small and mid-sized businesses, or SMBs, gets far less attention.

Although these hacking attacks and insider data thefts are obviously smaller in scale when considered individually, collectively they account for a large percentage of the sensitive data put at risk each year.

Hacking Can Be Fatal: For U.S. businesses that are victimized, the cost per record compromised was $194 in 2012, up from $188 in 2011, according to Ponemon Institute, a research center dedicated to data protection and information security policy. But perhaps the most frightening statistic comes from Experian Data Breach Resolution, which estimates that roughly 60 percent of the SMBs hit by data breaches go out of business within six months.

The very nature of hacking has changed dramatically from the days when computer nerds considered it a badge of honor simply to be able to gain access to sensitive data held by businesses, government agencies, and other organizations. In many cases, successful hacking was an end in itself.

Helped Identify Weaknesses: In some respects, this hobbyist form of hacking, illegal though it was, pointed to weaknesses in data security systems and encouraged businesses and other organizations to take added steps to protect sensitive data.

Today, hackers for the most part are thieves, determined to access personal financial data for criminal gain. And as the quantifiable costs of these hacking attacks attest, the resulting toll on businesses is extremely high.

And the threat doesn't always come from outside forces seeking to breach your small business's cyber security barriers.

Last year's revelations about the massive data thefts from the National Security Agency make it clear that criminal-minded insiders can do plenty of damage.

Today's Forecast: More Data, Less Budget - By the very nature of their size, SMBs don't have the luxury of large budgets they can devote to the protection of the data in their care. They must find ways of doing more with less, a need that grows as they find themselves acting as stewards for ever-increasing amounts of sensitive data.

Identity theft specialist Michael Bruemmer, an executive at Experian Data Breach Solutions, has some relatively low-cost suggestions for steps that SMBs can take to protect against data breaches and how to manage such a breach should it occur:

Carefully Assess Risk: Not all data is created equal. Your business should carefully examine all the data in its care and attempt to pinpoint the information most likely to be targeted so that the lion's share of your data security dollars can be devoted to its protection. Experian Data Breach Solutions cites a recent study by Javelin Strategy & Research that shows credit and debit card numbers and Social Security numbers are at particularly high risk of being compromised.

Develop a Response Plan: No matter how formidable your data security program may seem to be, a highly motivated and skillful hacker or insider can compromise data in your care. Or, you might get lucky and never have to deal with the aftermath of a data breach. Regardless, you owe it to those whose sensitive personal and financial information you are handling to develop a step-by-step plan to guide you in your response to such a data breach incident should it occur. Knowing in advance what must be done will allow you to handle the incident responsibly and in a timely fashion.

Educate Employees on Importance of Cyber security: The 2013 Small Business Technology Survey conducted by the National Small Business Association revealed that almost 25 percent of the businesses surveyed had "little to no understanding of cyber security." Not only must your business's executives understand the importance of protecting the data in your care, but employees must be made aware that sloppy handling of data can put that information at risk. All employees should be taught to take all reasonable precautions with sensitive data to lower the risk of breach.

Consider Cyber Insurance: Cyber insurance should never be considered a substitute for data protection and security policies. However, having such insurance can soften the impact of a breach should one occur.

 Feedback   Submit Article