Data breach incidents are on the rise, and the attackers behind them have small businesses in their sights. In fact, 63% of all reported breach attacks in 2009 were perpetrated on companies with fewer than 100 employees, according to the U.S. Secret Service.
That’s not surprising considering that most small to mid-size businesses cannot afford sophisticated breach prevention measures. What is surprising to most business owners is that there are actually solutions available that are either no cost or low cost that can significantly reduce their exposure to data breach risks.
So pull your head out of your ASSets long enough to learn how to better protect your business from becoming a victim of a data breach.
According to the recently released 2011 Data Breach Investigations Report, conducted jointly by the U.S. Secret Service and the Verizon Communications Risk Team with additional data from the Dutch High Tech Crimes Unit, small businesses can better protect themselves against data breach incidents by implementing a few key measures. The findings actually support the view that most data breaches should never have occurred or could have been prevented.
Simple prevention measures include:
- Train employees and customers to recognize the signs of fraud
- Create and adopt an incident response plan
- Restrict and monitor privileged users and contractors
- Change default credentials and network passwords often
Although companies such as Sony, Epsilon and TJ Maxx grab the front-page headlines with their high-profile data breach incidents, they more than likely will not go out of business because of them. Small businesses are different.
Take the case of Rich Griffith, whose business, Burger Me LLC, was destroyed after his computerized cash register was hacked. The criminals made numerous unauthorized charges on Burger Me customers' credit cards. Because of this, Mr. Griffith's credit card company refused to allow him to take credit cards and put a hold on his account, effectively slowing cash flow to a trickle. Eventually, Griffith closed Burger Me and is now more than $12,000 in debt for investigation and remediation costs, not to mention losing his dream.
In another case, involving a Chicago newsstand operator, thieves targeted his registers with a software program that snatched his customers' credit card information. The information was then sent to Russia and used for fraudulent credit card transactions against his customers. The owner was then contacted by MasterCard and informed that he needed to conduct an investigation, which subsequently cost him $22,000. While he did not lose his two newsstands, he is burdened with a blow to his reputation and the costs associated with the breach.
These examples illustrate how vulnerable all small businesses are to the risks and costs of a data breach incident. Any business that accepts credit cards or stores any customer data such as emails, addresses, names of contacts, and FEIN numbers is at risk of having that data stolen and used against it. Cyber thieves see small businesses as ripe targets because they do not have sophisticated measures to combat such efforts. Thus, when a pizza place that takes credit cards over the phone or through its website gets hacked, it can cost its customers thousands of dollars in unauthorized charges, but it can also cost the pizza joint plenty to restore its reputation with customers, not to mention the additional cost of investigations and of notifying customers in a compliant manner. And yes, 46 states now require some form of timely notification should a breach occur.
But it doesn’t have to be that way. There is a solution that incorporates an all-encompassing plan that can reduce the likelihood of a breach and, should the worst happen, covers the business for certain costs associated with responding to and recovering from a data breach incident.
IdentityIntact For Business is a data breach protection service platform that can assist businesses in educating their employees as well as provide insurance coverages that can defray the cost of investigations, compliant response and the defense of lawsuits associated with stolen data.
Because the service takes a far-reaching approach that educates employees as well as providing insurance for the costs associated with a data breach, IdentityIntact for Business can help to reduce the amount of risk exposure in the first place. They provide a Preparedness Toolkit that encompasses a wide range of templates and assessments that existing businesses can use to better prepare their HR and IT departments, as well as to help quantify the identifiable risks a business has with regard to its data security.
The main advantage of this plan over others that have popped up recently is not just that they have been perfecting the service since 1997, but the fact that insurance alone is not the be-all and end-all of protection. Having all of your employees understand what spear phishing is (the use of look-alike emails and websites that can lure even the most loyal employee into giving up sensitive information), or even making them aware that they need to change passwords to sensitive data areas on a regular basis, can significantly reduce your exposure.
The IdentityIntact for Business service plans give business owners additional tools with which they can create a reduced-risk environment for data breaches, including:
- Information Security Review Protocols
- A written Information Security Policy template
- Red Flag Gap Analysis worksheets
- Templates for writing a Red Flag Plan for Detection, Prevention and Mitigation of Identity Theft for Covered Accounts
- Policies and Procedures for Incident Response
The goal is to help businesses Protect, Prepare and Respond to data breach risks in a way that simplifies the issues and identifies where there are serious gaps in security or procedures. This invaluable instrument is only made better by the inclusion of insurance coverage options including:
- Business Identity Fraud Insurance
- Information Security & Privacy Liability Insurance
- Employee (Personal) Identity Fraud Insurance
- Data Breach Incident Response & Consumer Remedies
Data breach doesn’t have to destroy a business, and having protection for such an incident can actually be a selling point when dealing with other companies. I can see a day coming soon when a data security review will be as prevalent as a credit reference check and possibly more important in the long run. When businesses decide to work with one another, particularly those that must pass certain sensitive data to complete their tasks, a review of data security will most certainly be included prior to the partners actually doing business. This level of scrutiny is not the case today, but I see it happening in the near future and affecting small businesses’ ability to move forward with their business models. If your data is not secure and you don’t already have a data breach preparedness and response plan in place now, you will very soon.
I highly suggest you take a look at IdentityIntact for Business as a way for you to be able to protect your business and also as a major selling point when working with other businesses. It’s your ASSets and they need protecting.