How To Protect Your Small Business Against A Data Breach
You're reading Entrepreneur Middle East, an international franchise of Entrepreneur Media.
Data breaches are a growing threat that matters to companies of all sizes and trades. According to Gemalto, 1,792 incidents were recorded throughout the world in 2016, leading to the compromise of 1.4 billion data records, which is 86% higher than in 2015.
A study by IBM and the Ponemon Institute shows that in 2016 the average damage from a data leak incident rose to a record US$4 million. According to a poll of information security professionals conducted during SearchInform Road Show 2016, companies most often lose data about customers (25%), technical information (18%), documents containing commercial and trade secrets (18%), and personal data (15%).
It should be emphasized that the culprit of a data leak can be either an external attacker or an employee of the company. According to the recent Dell End-User Security Survey, 72% of employees are willing to share confidential information. In the financial sector, this percentage is the highest: 81%. At the same time, 65% of the respondents indicated that among other duties they must ensure the protection of confidential data. Causes of data leakage vary, from negligence and inadvertence to mercenary motives and industrial espionage. Nevertheless, the Dell survey shows that most employees violate safety rules while sincerely believing that doing so helps their companies and makes their work more efficient. And this happens even though 63% of the interviewed employees have been trained to improve their knowledge and skills in the field of information security.
Effectively, it is impossible to ensure 100% protection against data leakage. Moreover, it is unwise to rely on the fact that employees understand and correctly evaluate all risks associated with data leakage. Therefore, it is worthwhile to consider in advance what a company should do in the event of a data breach incident. Here is a high-level plan for that:
1. Don’t panic
The worst situation is when you learn about a leak by accident, for example from loyal customers or from the internet. It means that your security system does not work at all or isn't properly configured. If you have an opportunity to investigate the incident in hot pursuit, for example when the DLP system quickly discovers that the outbound traffic contains confidential information, there is still a chance to right the ship. First and foremost, restart, accelerate, change, or even cancel the decisions and the business processes associated with the stolen information. These measures will save the company money and allow you to proceed with further actions: investigation and mitigation of consequences.
2. Identify the culprit of the leak
This step is necessary because it will help to prevent similar incidents in the future. In a small company, you can ask IT specialists to check corporate mail, proxy server logs, and other traceable gateways. In medium and large companies, there is no alternative to the powerful search algorithms of DLP systems. A modern company works with overwhelming amounts of information each day, and it is impossible to analyse it manually. In addition to a DLP solution, access control, SIEM, and video surveillance systems can help to reconstruct the chain of events and conduct a full-scale investigation.
3. Identify the instigator
Once the insider is identified, the next step is to find out the end beneficiary. In the event of a purposeful leak of information, with substantial evidence against the insider it is usually easy to prompt the insider to come clean and reveal the instigator. Once you have the full picture of the incident, you can start mitigating potential consequences.
4. Understand the problem and assess the impact
What kind of information left the perimeter of the company? Commercial offers, a financial plan, the customer base? Or a few documents marked "strictly confidential"? Determining the boundaries and significance of the problem at this stage is very important. This will serve as a starting point for further action. Which is better: solving the problem off your own bat or engaging law enforcement? If the information is really important, and the only security tools you have are the passwords for the employees' PCs, it is better not to take risks and to get any help available. If there are experienced professionals working in the information security department of the company, then in most cases it is better to try to calmly sort it out on your own.
5. Mitigate the consequences
There is no magic pill that would solve all the problems associated with data theft and leakage. Such incidents are individual, and so are the consequences and mitigation measures. However, there are some broad guidelines:
- Understand what other information, besides what was leaked, could be compromised.
- Report the leak to the impacted party. That is especially important when there is a high probability that people will learn about the leak themselves. Besides, it helps the affected party take some action to protect themselves. So, make sure to inform them.
- If information about the leak has become public, make sure to launch a PR campaign to defuse the impact of the leak. If you don't have any PR specialists, hire an agency. Be open with the media and tell the audience about the measures that you're taking to prevent such situations in the future. This will show the customers that you care about them.