Small businesses are prime targets for data breaches

How seriously are you taking the risk of a data breach? If you think it can’t happen to your company, consider the following. According to Verizon’s 2011 annual Data Breach Investigations Report, organizations with between 11 and 100 employees reported 436 data breaches last year  –  almost six times as many as organizations with between 101 and 1,000 employees

Making the situation even more serious is the fact that today’s data breaches are no longer the work of hackers trying to make a name for themselves.  Patrick Gray, a senior security analyst with Cisco who spent 20 years with the FBI, points out that the Internet is under threat from organized crime out for financial gain.

Despite the threat, many small business owners are not concerned about the possibility of a data breach; nor are they planning to take any preventive measures. The Hartford recently conducted a survey of 501 small business owners with fewer than 50 employees. The survey found that 85 percent of respondents believe a data breach is ‘unlikely’ and many are not implementing even simple security measures to prevent one.

Don’t be an easy target

While small business owners may lack concern about data breaches, six out of 10 surveyed by The Hartford indicated that having one would compromise customer relationships. They also said they have a more negative opinion of companies that recently experienced a breach based on the way they handled it.

With so much at stake for your business — downtime, loss of critical and sensitive customer and employee data, and your reputation — you don’t want to wait for a breach to occur. There are relatively simple steps you can implement in little time to protect your data.

• Start with a shredder: Paper media is still a big source of data breaches. Be sure to shred all documents that contain sensitive data before disposing of them.

• Update systems and software regularly:  Hackers take advantage of unprotected systems.

• Have a privacy policy: Your plan should provide guidelines on what kind of work can be performed by employees using their own personal devices (Bring Your Own Device or BYOD).

• Restrict access: Determine who has access to sensitive data.

• Secure remote data access: Data is even more vulnerable today because of the increase in mobile data access. Encrypt data so it won’t be compromised and use password protection. Also ensure that the remote access to your company’s network is secure.

• Limit customer information requirements: One way to protect your customers is to limit what information you require of them. For example, if you don’t really need their social security number,  don’t store it.

• Backup:  On a regular basis, backup your data and consider storing backup files in the clouds to ensure security.

• Add a firewall: Firewalls protect your data from hackers, viruses and malicious software. Choose between hardware or software or some combination of both.

Even with the very real threat of a data breach, all is not grim.  It’s easy to protect your data and stop an attack in its tracks.