Do small businesses really need to worry about Data Breaches?
Risks are everywhere in business. Some businesses take risks by loaning money to a customer. Other businesses take risks by having their employees climb to the top of a telephone pole 50 feet in the air and work on an electrical wire. No matter what type of risks your business faces, in some form or fashion you face the risk of a data breach. Data breaches are the most dangerous risks that many businesses fail to protect themselves from. Far too many businesses think a data breach is just not something that can happen to them, but regardless of the size or scope of your business, hackers are targeting you.
But who would really want to hack my small business?
In two of the largest data breaches in history, hackers first gained access to the network of a small business that was a third-party contractor of the larger business ultimately targeted. Those two data breaches were Target and Home Depot. The business initially hacked in the Target data breach was Fazio Mechanical Services, an HVAC company hired to work on the heating and cooling systems at only a few Target locations around the Pittsburgh area. In the Home Depot data breach, the name of the third-party company was never released. The company provided credit and debit card processing for Home Depot's self-checkout registers. Both companies had been breached months prior to the hack of the larger company. This is becoming one of the most common ways large companies are breached.
Even if your business does not work with larger businesses, you are still at risk of being a target for hackers. Hackers can use the sensitive information of your customers in many ways, no matter how many customers you have. Taking proper precautions and insuring your business properly are crucial ways to protect your business from these risks, and the risk can be extreme. According to the Ponemon Institute, the leading independent cyber security think tank, it costs a business on average $174 per record stolen. Considering these numbers, it would cost your business more than $17,000 if you lost the records of just 100 customers. If that were 1,000 records it would cost $174,000. If that is not a cost your business can withstand, then you need to be taking the proper steps to prevent this from happening to your business. Creating a proper cyber awareness program and securing the proper insurance policies are a great start to protecting your business. Here are five simple things your business can do to prevent a data breach.
Create a message early and often
Preventing hackers from accessing your sensitive material starts with your new hire training, right before or after you explain to the new employees how workers' comp works, and should continue as long as any employee is a part of your organization. If you make it clear from the beginning of employment that cyber awareness is important to your organization, employees will take it more seriously when working for you. If you follow up on that message periodically with the entire staff, it will reinforce the message.
Following up on this message is important to consider if you are thinking about enacting a new cyber security awareness campaign throughout your workforce. Any employee who uses a computer should be a part of the training. This includes high-level employees. Many employees are highly competent at their job, but are not very computer savvy. Many high-level employees, who have access to the most sensitive data within your organization, are not well equipped to defend your business against hackers.
Help employees protect their work space
Logging out and locking up a work space is a crucial first step for all employees. Even in the case of an employee just stepping away for a moment to go to the restroom, it is vital to always lock up all devices. In most business settings, customers, partners and other employees are constantly present in the office. All of those people could potentially gain access to a computer through that employee's login and wreak havoc on your business. In addition to locking down all devices, it is also important to protect non-technological parts of your workspace. Never allow employees to write down passwords on a post-it note or some other piece of paper. There may be cleaning businesses that come into the area after hours and could use that information to gain access to the internal programs.
Secure proper commercial insurance
Accidents happen. If you are in business long enough, it is more a question of when, not if, your business will have an occurrence that requires an insurance claim. General liability and workers' comp insurance are required by law for most businesses in most states across the country, but those policies are not all-encompassing. Just like you need to buy additional coverage if your business owns a vehicle or some special type of equipment, you need to buy additional coverage to protect your business from the damages of a data breach. There are two specific policies that are usually sold in tandem. One covers the damages to you and your business, and the other covers the liability you face to third parties damaged by the breach. There are certain minimum requirements that you are legally obligated to provide to those damaged by a breach at your business. For most businesses this cost alone will sink their business without proper coverage.
Require extremely secure passwords and give your employees examples
Passwords need to have a bare minimum set of requirements. It is usually best to give your employees examples of what you want. What may seem secure to one employee is not acceptable across the board. Here are some examples of passwords you can use to demonstrate strong and weak passwords.
This would be an example of a password that is extremely secure.
This would be an example of a password that is a little less secure, but easier to remember.
JoeSmith or password
These are examples of terrible passwords that should never be used.
Many people find something similar to the middle password. Depending upon the time of year they can change the word soccer to baseball or Summer. As long as you are keeping the other numbers and special characters extremely random, it is difficult for hackers to hack through these secure passwords. It is important to give your employees concrete examples of good and bad passwords. Never assume someone is computer savvy or that they take cyber security as seriously as you do.
Shred all physical materials
Shredding is extremely important to adequately protect your business and your customers' sensitive information. This is not a difficult task to implement in your business. Most cities and towns have third-party businesses that can dispose of the shredded material properly. Some even offer a recycling option, which you can use to promote your business as green friendly. Some customers will appreciate this and it will add to your credibility in their eyes.