5 Ways to Avoid a Costly Data Security Breach Security tips from the FCC for protecting your digital and physical files

By Dan Briody

One of the most common responses I get from small-business owners when I talk to them about data security goes something like this: "Who would want to steal anything from us? It's not like we're the NSA."

The hard truth is that any business is a target for bad guys. Just like any home can get robbed, any car can get stolen, and any eBay account can get hacked. It doesn't matter what kind of business you're in. You are vulnerable.

Especially now. Because every business is connected to a network in some way, it means that one bad apple can test the security of thousands of businesses--all with the push of a button.

And these breaches can be costly. Ponemon Institute is an independent research group that has been studying the cost of data breaches for nearly a decade. It factors in everything from lost business (or customer churn) to public relations efforts to notification letters. The institute found that the average cost per each record lost is $202, a number that has been climbing steadily over the last few years. Multiply that number by however many records you have and you'll start to get some idea of why you should take data security seriously.

So what can you do about it? The Federal Trade Commission has a terrific guide that details the steps small businesses should take to protect sensitive information. Below I've listed the high-level steps the commission recommends, but don't forget that these rules apply to both physical and digital records and that threats come from both outside and inside your organization.

  1. Take stock. You can't manage what you don't measure. As a business owner, it's your responsibility to know what information you're keeping, how far back it goes, and which records qualify as sensitive. Knowing all of this is not just good for security purposes, it's also good business.
  2. Scale down. The less information you have around, the less vulnerable you are to theft. Only collect those pieces of data that you really need to make your business more efficient. Don't put your customers (and your business) at risk by storing credit card numbers you don't need. And never make customers use their Social Security number as an identifier unless absolutely necessary.
  3. Lock it. The information you're keeping around must be kept secure. That means physical records must be locked in boxes and in secure locations. And digital records must have sufficient safeguards. All PC hard drives should be password-protected. That means that before the computer even boots up it prompts you for a password (this is different than your login screen). Screensavers should come up in no more than 20 minutes, requiring a password to log back on. And servers that house records must have robust security measures and, in some cases, encryption.
  4. Pitch it. Most businesses hold onto thousands of unnecessary, outdated or otherwise useless records. Tax records and supporting documentation should be held onto for seven years, on average. But other things, like paycheck stubs, bills, investment records and such, should be kept no longer than a year. Get a shredder and use it.
  5. Plan ahead. Prepare for the worst. You need an action plan for how you will investigate a breach, notify customers and remediate any security vulnerabilities.

Security is often an afterthought for a small business, but it's simply not enough to hope these things don't happen to you. Getting out ahead of these kinds of issues is critical. And building security into technology systems before you start using them is always a good idea.

Dan Briody is the author of two books and is the former Executive Editor of CIO Insight Magazine, a leading publication for information technology managers. He is also a frequent contributor on technology topics for Wired, Inc. and Business Week magazines.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Thought Leaders

Cultural Fit Can Make or Break an M&A Deal

One of the most critical components for success -- cultural fit -- often falls by the wayside.

Business Ideas

70 Small Business Ideas to Start in 2025

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2025.

Growing a Business

What Our Digital World Is Missing — and How I Turned It Into $100 Million After Dropping Out of High School

I went from high school dropout to $100 million CEO by sticking to one very important learning principle.

Business Plans

Healthy Business Growth Comes from Depth, Not Just Disruption — Here's Why

For startups with a strong foundation, here's how to discover and deliver new products and services that customers want.