Three steps small businesses can take to prevent data breaches.
By Ted Devine
These days, major data breaches seem to be a daily news story. Between breaches at retail giants like Target and massive bugs like Heartbleed, small-business owners may feel as if they have little or no control over their customer data or network security. And while it’s true that most data security experts now agree that data breaches for small businesses are a matter of “when” rather than “if,” it’s not true that small businesses are helpless in the face of hackers and cyber criminals. You can take steps to prevent data breaches.
In fact, Verizon’s 2013 Data Breach Investigations Report found that 78 percent of data breaches were classified as “low difficulty” by the hackers who carried them out. And many data security analysts consider that even Target’s breach could have been prevented with better security practices. Translation? We’re not putting up much of a fight to protect our data. But you can prevent data breaches.
The good news is that there are many ways small-business owners can protect themselves from the risks data breaches present. Even better? Many of the most effective prevention techniques to prevent data breaches are inexpensive or completely free.
Prevent Data Breaches
Here’s a look at three things you can do this week to prevent data breaches and vastly improve the security of your network and data.
1. Limit access to your data. Verizon’s 2013 Data Breach Investigations Report noted that 14 percent of data breaches are caused by “internal actors” – that is, people who work for your business. In addition, 35 percent of breaches involve physical hacks – a hacker’s physical presence at a machine with access to data. To prevent both types of breaches, provide access to sensitive information only to employees who actually need it. Limiting access may be as simple as adding password protection to certain files, not installing programs that employees don’t need, and keeping machines in locked areas when they’re not in use.
2.Pay attention to upgrade alerts. Yes, it can seem like a waste of time to upgrade your software every time you see an alert on your computer, tablet, or smartphone. But failing to upgrade as newer versions of software become available leaves gaping holes in your network. Upgrade to prevent data breaches. Often, upgrades are developed in response to holes that are discovered by security teams. They’re designed to protect users from hackers who want to get in through those holes. And consider this: as soon as a software developer releases a patch or update, it essentially publicizes where to find the holes and weaknesses in earlier versions. Upgrading may take a few extra minutes of your day, but it can prevent hours of headaches and thousands of dollars in and prevent data breaches costs.
3. Don’t underestimate the power of small security measures. Yes, there are some sophisticated hacking strategies out there that you may not fully understand. But don’t let the existence of such threats intimidate you: small, basic security measures are still some of the most powerful tools you have to fight hacking. Use strong passwords, update passwords regularly, invest in antivirus software, train employees how to recognize spam, and lock (with passwords) all machines that aren’t in use. Upgrade software as needed.
The Verizon study found that a whopping three quarters of data breaches are “crimes of opportunity,” meaning that they happened because hackers saw an easy target – that is, a network or computer that wasn’t protected by basic security – and decided to take the readily available data. Failing to implement basic security practices is the digital equivalent of leaving your wallet in an unlocked car with the windows rolled down. The basics go a long way toward keeping you safe to prevent data breaches.
Secure Data to Save Serious Money
So why should you be concerned about protecting your business and prevent data breaches? Here are four excellent reasons:
1.To preserve your reputation. Being hacked damages your reputation, even if the hack was not your fault. Winning new customers after a data breach is an uphill battle.
2.To avoid the costs associated with data breaches. State laws vary, but most require businesses to notify clients after a data breach. Some require businesses to pay for credit monitoring, and some charge statutory fines. The costs add up quickly for even small breaches.
3.To avoid a serious time-suck. Dealing with a data breach (writing customer notification letters, filing paperwork with state agencies, patching up your network) can take hours and hours. Wouldn’t you rather spend that time growing your business?
4.To maintain customer trust. Don’t make your customers regret working with you. Give them a reason to stay and recommend their friends by keeping their information secure.
About the Author
Ted Devine is CEO of insureon, the nation’s leading online agent for small and micro businesses. Prior to joining insureon, Devine held senior leadership positions at Aon Corporation and spent 12 years as a Director of McKinsey & Company. Check him out at Google+ or Twitter.