You can be on Entrepreneur’s cover!

4 Strategies Small Businesses Can Use To Avoid a Data Breach Hackers are getting more sophisticated. Make it a priority to protect your customers and employees by knowing your risks and taking the appropriate steps to safeguard your business.

By Adam Levin

entrepreneur daily

Opinions expressed by Entrepreneur contributors are their own.

Cyber breaches of mega-retailers like Home Depot and Target, health care insurers like Anthem, Premera and Excellus and federal agencies -- most prominently, the Office of Personnel Management -- dominate the headlines, but it's only a fraction of the story. What most people don't realize is that a staggering 90 percent of breaches impact small businesses. Those figures, released by payment technology solutions powerhouse First Data, highlight the seriousness of the cyber security issue for small businesses.

Unlike larger organizations with revenues in the billions, small businesses might easily experience a near extinction-level event from a data breach. The recovery expenses mount quickly -- credit monitoring for affected customers, lost revenue, crisis management, customer notification and investigation of the breach, just to name a few -- and can create a financial loss so staggering it has the potential to crush a small business. With 2016 already on pace to see a 4.7 percent rise in the number database compromises over last year, according to data released by the Identity Theft Resource Center, members of the business community have a right to wonder if or when this seemingly never-ending assault will plateau.

Related: 1 in 5 Companies Had a Security Breach, New Study Says

Small businesses need to follow the 3Ms in order to navigate a most dangerous digital world. Minimize the risk of exposure; monitor networks; and have comprehensive incident response and resolution programs in place in order to manage the damage. In other words, respond urgently, transparently and empathetically to customers and employees in the event of a compromise.

Here are four strategies that can help small businesses better defend against malicious insider and hacker attacks and more effectively deal with them if a breach does occur.

1. Know your risks.

It's imperative that small businesses acknowledge the value of their data and do what they can to protect it. Companies of every size can reduce the chance of an exposure if they scour their network and data assets with an eye toward where vulnerabilities might be lurking.

First, review the type of data that you are collecting and storing. Businesses handling medical or financial information, for example, may need to comply with industry regulations or state and federal laws that require specific security measures. Also, understand where sensitive information currently resides. A server with remote access could present an easy target for hackers. Consider keeping top-level data somewhere that's more difficult to reach.

Related: 5 Ways to Avoid Data Disasters

Get a handle on how data moves across your network. How are mobile devices authorized to connect? Which data is shared with third parties? See if security gaps exist at those connection points and fix them.

2. Make employees your first line of defense.

Employees typically have wide access to stored information -- from customers' financial data to personnel records. A better strategy is to match network access permissions to the requirements of specific job duties. If an employee doesn't need access to sensitive data, don't give it to them. When you change an employee's role, update his or her login credentials to maintain a strong security posture. Equally important, immediately deactivate the network access of any employee who leaves the company, regardless of the circumstances of their departure.

Employees represent a delicious target. Hackers view them as the weakest link, making the small business workforce a crucial link in the security chain. Raising employee awareness is essential. Educate them about the dangers of phishing and falling for other common scams. Be sure they know what to do if they think they might have clicked on a malware-laden link or mistakenly provided information on a clone website.

Related: 5 Ways Your Employees Are Unintentionally Sabotaging Your Data Security

3. Focus resources in the right areas.

Like their larger counterparts, small businesses often hold enormous amounts of data. Trying to deploy an impenetrable fortress around all of it would be prohibitively expensive. Instead, identify the information that is most sensitive -- and most valuable -- and focus security resources in those areas. Consumer data (payment data and personally identifiable information such as Social Security numbers, names, addresses, birth dates, etc.) and employee data should be among the files afforded the highest level of protection.

Strong security doesn't have to be prohibitively expensive. Encryption technology is often free or very low cost, so look for opportunities to use it. By encrypting sensitive datasets, a stolen laptop or lost thumb drive will still be an annoyance but it may not result in a breach.

4. Invest in cyber insurance with coverage that matches your business risk profile.

Because the financial implications associated with even a minor breach are significant, small businesses must consider mitigating their risks by adding a cyber insurance policy. Coverage is available that helps pay costs related to forensic investigations, customer notification, reputation management and even legal counsel. Some policies also provide access to experts who can help the business evaluate its risks and address potential vulnerabilities.

Adam Levin is a consumer advocate with more than 30 years of experience in security, privacy, personal finance, real estate and government service. A former director of the New Jersey Division of Consumer Affairs, Levin is chairman and founder of IDT911 and co-founder of He is also the author of "Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves."

Adam Levin

Chairman and Founder of IDT911

Adam K. Levin is a consumer advocate with more than 30 years of experience and is a nationally recognized expert on security, privacy, identity theft, fraud, and personal finance. A former Director of the New Jersey Division of Consumer Affairs, Mr. Levin is Chairman and founder of IDT911 (IDentity Theft 911) and co-founder of  Adam Levin is the author of Amazon Best Selling Book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Side Hustle

This Dad Started a Side Hustle to Save for His Daughter's College Fund — Then It Earned $1 Million and Caught Apple's Attention

In 2015, Greg Kerr, now owner of Alchemy Merch, was working as musician when he noticed a lucrative opportunity.

Business News

I Designed My Dream Home For Free With an AI Architect — Here's How It Works

The AI architect, Vitruvius, created three designs in minutes, complete with floor plans and pictures of the inside and outside of the house.

Business News

This Fan-Favorite Masters 2024 Item Is Still $1.50 as Tournament Menu Appears Unscathed by Inflation

The pimento cheese sandwich is a tradition almost as big as the tournament itself.

Business Ideas

7 Link-Building Tactics You Need to Know to Skyrocket Your Website's Rankings

An essential component of SEO, link building is not just a 'Set them and forget them' proposition, but a dance of skills and strategies.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

Here's One Thing Americans Would Take a Pay Cut For — Besides Remote Work

An Empower survey found a high percentage of respondents would take a pay cut for better retirement benefits and remote work options.