News

Small business data breaches becoming inevitable: Prevention and preparation strategies

Businesses in general have always been high on the priority list for cybercriminals. The amount of valuable, sensitive data shared, stored and accessed by these groups is simply more lucrative for hackers than attacks on individual users.

However, recent industry research shows that small and midsize companies are now increasingly the victims of data breaches as cyberthieves target these groups more, according to InformationWeek. Symantec researchers discovered a considerable rise in the number of small and medium business attacked last year, and projected that even more smaller organizations will experience a breach this year.

Bill Wright, Symantec director of government affairs and global cybersecurity partnerships, noted that there was a 61 percent increase in the number of attacks seen on small and midsize businesses from 2012 to 2013. The timetable for these security incidents rose as well. In the past, infiltrations of smaller organizations usually lasted four days. Now, these attacks last closer to eight or more days, as part of a "low and slow" strategy aimed at lessening the chances of discovery, InformationWeek stated.

The impacts of a data breach
Whether the victim is a small mom-and-pop company or a large enterprise firm, the effects of a data breach are largely the same. The affected organization will have the deal with the costs associated with the security incident, including paying any fees if they are found non-compliant with industry standards, as well as the price of bolstering their network protections.

However, one of the most damaging impacts involves the business' reputation and how they appear to customers post-breach. Specialty insurance professional Valerie O'Shoney noted that organizations should be most worried about the effects the breach has on the group's prominence and influence, according to Access.

"Once customers are notified that their information has been breached, they are understandably concerned and upset," O'Shoney said. "Damage control is critical to mitigate the impact of a breach both on the victims and the business' reputation."

Prevention and preparation: Steps to take before a breach
However, before worrying about how the press will spin the breach, small and medium companies should work to prevent a breach, and institute policies to prepare if they do become victims of cybercriminals.

Forbes contributor Adam Levin recommended leveraging the three M's of data breach prevention: minimize, monitor and manage. Company leaders must work to minimize their threat of data exposure, continuously monitor protections and manage the damage connected with a breach.

Through employee training, limited access to sensitive content and implementation of two-factor authentication, small businesses can minimize their exposure risk. By performing regular tests, setting up alerts to flag suspicious activity and vetting third-party vendors, organizations can better monitor their security.

When it comes to managing the damage, many small and midsize companies prefer to have an "it won't happen to me" approach. However, Levin noted that these days, a breach is nearly inevitable, but how a group deals with it could make all the difference.

"Make no mistake, everyone will probably experience some sort of a breach in the coming years, if they haven't already, so don't rely on best practices to prevent future problems," Levin wrote. "Create a plan before you can an issue in order to make sure you can deal with it."

This plan should include investigating the cyber liability or damage control program offered by insurance firms, and looking into what such a plan would cover. Additionally, Levin recommended understanding the reporting requirements of the business' industry. Decision-makers should also decide ahead of time how they will handle media calls, as well as questions and concerns from employees and customers. Lastly, the plan should also have details pertaining to what the company will do to mitigate the issues of those impacted by the breach.

Protect data in transit with an SSL certificate today.

corporate office

Thawte
The Gateway
Century Lane
Century City, 7441
Cape Town
South Africa

Postal Address:
P O Box 15986
Panorama 7500
Cape Town
South Africa

Call: +353 1 793 9141
Fax: +27 21 819 2950

Buy now! Try now!