How To Protect Your Small Business From a Data Breach

Updated on May 14th, 2021

Data security is arguably the fastest-growing threat to your business, and for good reason. Despite all of the attention on high-profile data breaches, like Target or JPMorgan Chase, 9 out of 10 data breaches involve small businesses.

Why would cybercriminals go after a small business, though? These risks aren’t common knowledge to small business owners. Because of that, they don’t have the resources in place to thwart these attacks.

Ultimately, being a victim can damage your reputation and decrease revenue, among other things.

Instead of waiting until it’s too late, here’s how you can protect your small business from a data breach.

Educate yourself and your employees.

“Cyberattacks are becoming more and more sophisticated and it’s easy to be fooled by emails, links and attachments that look like everyday business requests,” says Norman Guadagno, chief evangelist, Carbonite. “It only takes one click for malware, viruses and ransomware to infiltrate your system, compromising important business data.”

With that in mind, “the first step in protecting your data from cyber attacks is educating your employees to make sure they’re up to date on the latest methods being used by cybercriminals,” he says. “One of the best ways to do this is by creating real life scenarios to test employees’ ability to detect a phishing email or suspicious links. This will help you gain insight into common mistakes and identify areas for improvement.”

Christopher Roach, managing director & national IT practice leader, CBIZ Risk & Advisory Services, also suggests that you think about “hiring a third-party to conduct social engineering or facility breach exercises, [which] can help you understand whether your security policies and awareness programs will actually prevent outsiders from obtaining valuable client information directly from your employees.”

Know what data you have and where it’s stored


If you’re like the majority of companies, you have data stored in multiple locations. However, not knowing the exact location of this sensitive or private data, such as credit card numbers and any personally identifiable information (PII) that can be linked to an individual, is a major concern among security experts.

In fact, a mere 16 percent of organizations know where all of their sensitive structured data resides, with “a minuscule seven percent knowing the location of all sensitive unstructured data, including data in emails and documents.”

Steve Robb recommends on PCI Compliance Guide that you assign a specific individual to be responsible and accountable “for monitoring and protecting the sensitive data your business handles.”

You can also create “a simple spreadsheet that documents the various types of sensitive data your business is handling, its location, and who has responsibility for it. Be sure to review this spreadsheet on a quarterly basis at minimum, to ensure that the information it contains remains current.”

And, never “store cardholder data, period.”
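Knowing where cardholder data sits, and confirming that it is not stored at all, is something you can check rather than assume. The following Python script is an added example, not code from the article or from PCI Compliance Guide: it scans a set of constructed sample data stores (a CRM export, a support mailbox dump and a tokenized orders table, all invented here) for 13- to 19-digit sequences that pass the Luhn check, and reports each hit by store and line with the number masked. The two numbers it flags are the widely published Visa test numbers, not real cards.

```python
import re
from dataclasses import dataclass

# Constructed sample "data stores" standing in for the locations listed in a
# data inventory: a CRM export, a support mailbox dump and a tokenized orders
# table. None of these values are real card numbers; the two that validate are
# the widely published Visa test numbers.
SAMPLE_STORES = {
    "crm_export.csv": (
        "name,note\n"
        "Jane Doe,Customer read out card 4111 1111 1111 1111 over the phone\n"
    ),
    "support_mail.txt": (
        "Ticket 20215: invoice total 1234567890123 shipped; ref 4012-8888-8888-1881"
    ),
    "orders.db": "order_id,token\n77,tok_9f1c2b3a4d5e6f708192a3b4c5d6e7f8\n",
}

# A candidate is 13 to 19 digits, optionally separated by single spaces or
# dashes, and not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers; filters most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep first six and last four digits; a scanner must never log a full PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass(frozen=True)
class Finding:
    store: str
    line_no: int
    masked: str


def scan_store(name: str, content: str) -> list[Finding]:
    """Return one Finding per Luhn-valid card-number candidate in a store."""
    findings = []
    for line_no, line in enumerate(content.splitlines(), start=1):
        for match in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", match.group())
            if luhn_valid(digits):
                findings.append(Finding(name, line_no, mask_pan(digits)))
    return findings


def scan_all(stores: dict[str, str]) -> list[Finding]:
    """Scan every store in the inventory and collect the findings."""
    findings = []
    for name, content in stores.items():
        findings.extend(scan_store(name, content))
    return findings


if __name__ == "__main__":
    for f in scan_all(SAMPLE_STORES):
        print(f"{f.store}:{f.line_no}: possible cardholder data {f.masked}")
```

The 13-digit invoice total in the mailbox sample fails the Luhn check and is ignored, while the tokenized orders table produces no findings at all, which is exactly what a store that holds tokens instead of card numbers should look like. Each finding is a row for the inventory spreadsheet: which store, which line, and who owns it.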

Never transmit unencrypted data.

“Encryption tools are very useful in keeping valuable information hidden from cyber criminals, because it renders the data inaccessible to prying eyes,” says Andra Zaharia for the Heimdal Security blog. Most operating systems already come with encryption tools, such as the Windows-based BitLocker and the Mac’s FileVault.

However, if you ever have to transmit data, such as through email, make sure that it’s encrypted. And never, ever transmit this information over public Wi-Fi networks.

Outsource payment processing.

“Nearly every major attack against credit card data in the past few years has exploited a single, glaring vulnerability in the current payment industry infrastructure: the fact that merchants are still permitted to handle actual credit card data in their systems,” says Dave Oder, President/CEO of Shift4 Corporation.

He adds that merchants need to “properly combine point-to-point encryption and tokenization technologies” whenever a card is swiped. This means that “the business never handles actual card data as the transaction is processed through the merchant environment. With only a secure token returned to the merchant, there is no more risk of storing cardholder information. This is because the onsite database only holds tokens that are meaningless and valueless to thieves.”
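To make the tokenization flow concrete, here is an added Python model of the arrangement Oder describes. It is not Shift4’s code or API, and the `PaymentProvider` and `Merchant` classes are hypothetical: the provider holds the only mapping from token to card number, the merchant’s database receives a random token (plus the last four digits, which PCI DSS permits for receipts), and a later rebill is made with the token alone. The card number used is the published Visa test number, not a real card.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class PaymentProvider:
    """Hypothetical tokenization provider, playing the role a vendor like Shift4 plays.

    It is the only party that ever holds the mapping from token to card number.
    """
    _vault: dict[str, str] = field(default_factory=dict)

    def tokenize(self, pan: str) -> str:
        # The token is random, not derived from the PAN, so it reveals nothing
        # about the card and cannot be reversed without the provider's vault.
        token = "tok_" + secrets.token_hex(16)
        self._vault[token] = pan
        return token

    def charge(self, token: str, amount_cents: int) -> bool:
        """Authorize a charge against the card behind a token."""
        if token not in self._vault or amount_cents <= 0:
            return False
        # A real provider would send the PAN to the card network here; the
        # merchant never sees it.
        return True


@dataclass
class Merchant:
    """Merchant systems. With point-to-point encryption the terminal encrypts the
    card before it reaches any merchant software, so the merchant handles only
    tokens; passing the PAN straight to the provider models that here."""
    provider: PaymentProvider
    orders: dict[int, dict] = field(default_factory=dict)

    def take_payment(self, order_id: int, pan: str, amount_cents: int) -> bool:
        token = self.provider.tokenize(pan)
        # Only the token, plus the last four digits that PCI DSS permits for
        # receipts and display, is written to the merchant's database.
        self.orders[order_id] = {
            "token": token,
            "last4": pan[-4:],
            "amount_cents": amount_cents,
        }
        return self.provider.charge(token, amount_cents)

    def rebill(self, order_id: int, amount_cents: int) -> bool:
        """Later charge (e.g. a renewal) made with the stored token only."""
        order = self.orders.get(order_id)
        return order is not None and self.provider.charge(order["token"], amount_cents)


def database_exposes_pan(merchant: Merchant, pan: str) -> bool:
    """What a thief learns from dumping the merchant database: does the full
    card number appear anywhere in it?"""
    return pan in repr(merchant.orders)


if __name__ == "__main__":
    # Constructed walk-through using the published Visa test number.
    provider = PaymentProvider()
    shop = Merchant(provider)
    shop.take_payment(1001, "4111111111111111", 2599)
    print("merchant db holds:", shop.orders[1001])
    print("full PAN exposed by a dump:", database_exposes_pan(shop, "4111111111111111"))
    print("renewal charged with token only:", shop.rebill(1001, 2599))
```

Because the token is random rather than an encryption of the card number, a dump of the merchant’s orders table is worthless to a thief; the provider’s vault is where the risk is concentrated, which is why choosing a reputable, audited provider matters.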

If that seems too complicated, avoid handling credit card data on your own and rely on reputable vendors. Do this regardless if it’s for point-of-sale or web payments. These companies have a security team that can protect sensitive data far better than you can.


Use layered security.

The first place to start when it comes to securing your systems is creating strong and complex passwords. Strong and complex passwords use a combination of numbers, upper- and lower-case letters, and special characters.

It’s also recommended that passwords should be changed at least every 90 days and never shared or written down.

After that, you may want to use multi-factor authentication. Some systems use a password plus another factor to verify identity, such as a series of questions or a fingerprint.

“Cybercriminals use all types of malware, including Trojans, Man-in-the-Middle, Man-in-the-Browser, and keyloggers, to get what they want, including personal data and payment details,” says Due co-founder Chalmers Brown. “Continue updating your tools to detect malware that may be present. Understand how cybercriminals use malware against your business. Focus on using malware detection solutions that can work in the background rather than relying on those options that involve user downloads or registrations.”

Don’t forget about physical information.

“We get so focused on online and cloud-based data protection that we neglect physical property like paperwork, hard drives, laptops, flash drives, and disks,” says Brown. “Make sure that these physical items are stored securely and not carelessly left out for anyone to grab, like in your garage or the passenger seat of your car.”

Chalmers adds, “Like not storing personal data that you no longer need, you should also dispose of information that you no longer need securely.

“For example, if you’re a local pharmacy, then you would want to shred customers’ outdated prescriptions.”

Purchase adequate Data Breach Insurance.

“If you are in business long enough some type of accident is going to occur. It is not a matter of if, but when,” says Mitchell Sharp, Marketing Associate for Workers Compensation Shop.com. “That is no different in the case of a data breach. Most small businesses can have data breach insurance bundled with their other insurance for a relatively small amount.”

“Depending on the size of your business this can cost as little as a few hundred dollars. That pales in comparison to the thousands it will cost to repair your business after a data breach occurs.”

John Rampton

John Rampton is an entrepreneur and connector. When he was 23 years old, while attending the University of Utah, he was hurt in a construction accident. His leg was snapped in half. He was told by 13 doctors he would never walk again. Over the next 12 months, he had several surgeries, stem cell injections and learned how to walk again. During this time, he studied and mastered how to make money work for you, not against you. He has since taught thousands through books, courses and written over 5000 articles online about finance, entrepreneurship and productivity. He has been recognized as the Top Online Influencers in the World by Entrepreneur Magazine and Finance Expert by Time. He is the Founder and CEO of Due.
