As if small business owners needed anything else to worry about this holiday season, Experian ® Data Breach Resolution (a partner company of Experian® and a leader in the data breach resolution industry) has a warning: As holiday shopping creates a surge in transactions, small businesses need to be diligent about preparing for a cyber-attack. With more and more large corporations putting a bigger chunk of their resources into cyber-security, those nasty folks looking to skim accounts will need a new victim. And it could very possibly be your small business.
The holiday shopping season not only brings a boost in sales but also an increase in cyber theft. Thieves prefer to target small- to medium-sized businesses because so many lack the resources or expertise to manage cyber-security effectively. Retailers are especially vulnerable to cyber-criminals who want to hijack credit card data. Unfortunately, customers aren’t the only victims. Among small businesses that suffer a breach, a staggering 60 percent go out of business after six months. For that reason alone, small businesses need to pay extra attention to data security during the holidays.
Even though the business might be small, the amount of data you have stored is not. Everything from customer and employee records to vendor account information could be at risk.
Michael Bruemmer, vice president at Experian Data Breach Resolution, says it’s important to not only try to prevent a breach, but also prepare for a breach, just in case. Bruemmer also says small businesses are increasingly targeted, further raising their need to focus on data security. Here are some of his low-cost suggestions for preventing and managing a data breach:
1. Conduct a risk assessment. Identify the most sensitive information that could be at risk. Victims whose payment cards and Social Security numbers were compromised suffered the highest rates of related fraud. Small businesses should understand the data most likely to be targeted and prioritize what is needed to protect that data.
2. Put plans in place. Investing time in developing a security and incident response plan can save on hard costs later. There are many resources available to help small businesses get started, including Experian’s free Data Breach Response Guide.
3. Understand the problem (and make sure your employees understand it, too). The National Small Business Association’s 2013 Small Business Technology Survey states that nearly a quarter of small businesses acknowledged “little to no understanding of cyber-security.” Anyone’s actions could create vulnerabilities. Train employees on security precautions, including bring-your-own device (BYOD) policies.
4. Consider cyber insurance. Small businesses generally don’t have a risk manager or IT department dedicated to data security. A good cyber insurance policy can help mitigate cyber-security risks.
5. Listen to the experts. Make a list of outside partners that can be contacted when a data breach occurs. Engaging experts in legal counsel and resolution consulting can help businesses prepare to respond quickly and effectively after a breach, which may mitigate regulatory fines, lawsuits and reputational damage. These consequences could result in potentially significant financial losses.
This article was originally published by Susan Solovic
Published: December 3, 2013