Data Protection for Small Business
With the internet becoming a massive revolution and almost every transaction ranging from financial to signing of contracts conducted online, protecting confidential information has become very important.
Cyber crime is costing businesses millions of dollars
Large companies are known to implement stringent data security policies. Despite this, hackers have found loopholes in the system – Target, iCloud, Home Depot being examples of recent security breaches that made headlines. Small businesses can also be a target to hackers if they are not careful. Nothing is stopping the same hackers from targeting a small or medium-sized business.
An IBM-Ponemon Institute Study 2015 says that "On average, a data breach has been studied to cost $6.53 million to a company." These estimates do not cover losses to brand image and lost business opportunities. Small businesses generally lack manpower and the budget to protect themselves from hackers. According to information from Towergate, a leading insurance intermediary, the most common security risks involved in a small business set up include:
#1 Casual Stance towards Data Security
Most SMBs do not understand or realize the importance of data security. 82% of the companies believe that they aren't a target for cyber attacks as they don't have anything worth stealing. 32% of these companies also believe that a day's downtime due to an attack would not significantly affect their revenue. Malicious or criminal attacks are the leading causes of data breach and also the most expensive. These companies don't invest in fully protecting themselves and end up being vulnerable to attacks.
Solution: Start by developing a basic data security plan that not only covers data protection but also includes an action plan in case of a breach. Patch all your systems and segment your networks, secure your browsers, mandate data encryption and use an email encryption solution to protect your data.
Chip Brooks, Owner of ZixMailEncryption says, "It's very prudent for every business to use an email encryption solution to protect their data. We've seen that several small businesses are not even aware of a solution like that."
#2 No strong data security policies
A small business needs to reflect upon its own policies to see whether data security is imbibed into their work culture. Without a security policy, most businesses end up vulnerable to attacks and most of them fail to contain breaches due to non-existent post-breach policies.
Solution: Establish a data storage policy that becomes the rule book to be followed by all employees. The policy should cover data access structure within a company. Maintaining audit trails ensure accountability of who has accessed what kind of data and when. Businesses also need to understand that larger data sets increase their risk of a cyber attack. It is very important to have a policy that would ensure prompt deletion of old or unnecessary data. Limiting social networking platforms is also a key step in protecting company data.
#3 Lack of Data backing systems
62% of small businesses fail to routinely back up their data. The reasons could either be due to a lack of infrastructure or failure to conduct regular data backups. Regardless of the size of your business, data back-ups are a must.
Solution: Automate the entire process of backing up data. Apart from physical drives to store data, make use of trusted cloud services and other off-site servers to ensure data security even in cases of natural disasters, fire or theft. If companies cannot hire an IT team full time then outsourcing the service, hiring consultants or use of trusted third party systems could be an option.
#4 Internal Threats
Cyber attacks due to an employee could be intentional or just negligence. When it comes to corporate espionage all employees, whether it's the CEO of the company or your hard-working developer, need to be carefully monitored. Apart from planned attacks, employee negligence is also costing companies. Close to 77% of employees leave their computers unattended, fall prey to spam links or end up installing malicious software on their systems. And it comes as no surprise that 95% of all security incidents involve human error.
Solution: Close monitoring of employees would include checking for unusual behavior, limiting access to critical business data. Reducing security breaches due to human error should be done by educating and training employees about data security. Sean Park, Managing Partner of Sean Park Law says, "Data security is an important part of our operations. As a law firm, client confidentiality is of utmost importance. We take every step to ensure that we are up-to-date with our security policies, such as automatic encryption for online client communication."
#5 Boon and bane of mobility
With more and more companies adopting the Bring-Your-Own-Device (BYOD) system, the access points for data is also increasing. 56% of employees are known to store critical business data on their mobile devices like laptops, smart phones etc. Without proper data security measures in place, these devices are soft targets for cyber attacks.
Solution: Set up a security checklist for all mobile devices. These devices should comply with your data security policies. Encryption of all devices is a must. WiFi networks are known to permit interceptions of data, avoid using unprotected WiFi networks and apply LAN within company walls if possible.
In an era where data is money and cyber crime is a real threat, small businesses need to understand that the cost of data breaches is higher than the cost of implementing security systems. It's important to put some time and effort into ensuring the safety of your data.