Is Your Business Susceptible To a Data Breach?Posted on Jan 30, 2019
Many business owners mistakenly believe their businesses are too small to attract malicious hackers and others attempting to steal information, money, and more through data breaches.
Nothing could be further from the truth.
Small Business Trends paints an alarming picture of the reality of vulnerabilities small businesses experience when it comes to data breaches.
These are some of the statistics it reveals about data breaches.
- 75 percent of data breaches are caused by attacks originating outside the business.
- 60 percent of small businesses that experience cyber-attacks go out of business within six months of the attack.
- 77 percent of companies do not have a formal response plan to manage a cyber-attack.
- It takes 191 days for most organizations to realize a breach has occurred.
- It takes an average of 66 days for a business to contain a data breach once discovered.
- $3.62 million is the average damage caused to businesses by data breaches.
- 1,946,181,599 is the number of records compromised by cyber-attacks in a single year.
The short answer is “Yes!” Your business is certainly susceptible to a data breach. Even companies that have invested extensively in cybersecurity measures have experienced painful and very public data breaches.
How Can You Reduce Your Data Breach Risks?
Now that you know just how vulnerable your business is to a possible data breach, it’s time to learn about the steps you can take to avoid the devastating consequences such an attack poses.
- Diminished reputation
- Decreased ability to compete effectively
- Loss of trust from customers and the general public
- Reduced income and revenues
- Financial losses from the attack itself
- Liability damages resulting from the attack and subsequent lawsuits
The key is to act before an attack occurs to prevent breaches, reduce your attractiveness as a potential target for thieves, and minimize your exposure.
These are steps you can take to reduce your risks.
- Secure your computers. This involves password protection, time out functions, and strict policies about the use of computers in and out of the office (specifically related to portable data storage, mobile phones, tablet devices, and laptops).
- Update security software regularly. Updates are issued specifically to address new threats or discovered weaknesses and vulnerabilities in existing software. Take the time to make the updates as soon as they become available.
- Educate employees about their risks and responsibilities. Train your employees on how to use company computers properly, the importance of logging off when not in use, and why they need to take a few extra minutes to make sure everything is properly shut down, stored, and locked before leaving the office, even for lunch or meetings.
- Destroy information before getting rid of it. This not only refers to documents but also CDs, disk drives, thumb drives, mobile phones, laptops, etc. It is essential that no usable information remains on the devices when they are sent for disposal or recycling.
While these are all highly valuable tools for reducing your risks, you must also have resources in place to respond to data breaches if they occur. Failing to do so can waste precious time that information is flowing to people who should not have it.
Here’s what you need to do.
Have a plan, in writing, for responding to a data breach that includes the following details:
- Immediate steps to cut off the flow of information and contain the breach.
- Reporting the breach to the proper authorities (list of authorities in your area and who within your organization is responsible for making that report).
- Plans for assessing the scope of the damage, the information released, and the likely people affected by the breach.
- Notification of individuals affected by the breach and a clear definition for who within the organization is responsible for doing so.
- Identify people within your organization responsible for ensuring compliance with legislative or contractual obligations related to the data breach.
Protecting Your Business with Cyber Liability Insurance
It is essential that you protect the interests of your business and invest in cyber liability insurance to shield your financial interests in the aftermath of a data breach.
It might not prevent or solve the problem, but it can ensure you have the resources to address the needs of the people who have been affected by the data breach and defend your business from prosecution in the aftermath.