Thanks to Oliver at disastersafety.info for a guest post today.
If customers don’t trust your business to protect their personal data, they’ll go elsewhere. It’s a hard truth that a growing number of small business owners are realizing: According to Experian, the number of data breaches occurring each year has more than doubled since 2015, and small businesses are a common target.
Small businesses that suffer a data breach struggle to recover. A 2018 report from Kaspersky Lab found that data breaches cost small businesses $120K on average — a sum that leads many small businesses to close up shop.
Even if your business can handle the financial blow of a data breach, it may never regain customers’ trust. Identity theft leading to credit card fraud is a common outcome of small business data breaches. After coping with the financial and emotional distress of identity fraud, consumers are reluctant to return to the business that exposed their sensitive data.
The Right Way to Respond to a Data Breach
The steps you take in response to a data breach have a big impact on your business’s longevity. If you want to preserve your small business’s reputation and recover financially, these are the steps to take.
1. Deploy your incident response plan
If you’ve prepared for a data breach, you’ll have an incident response plan and IT staff trained to enact it. Unfortunately, many small businesses don’t take this step before their first data breach.
If you don’t have an incident response plan in place, don’t improvise. You could make the situation worse or make it impossible to identify the source and scope of the breach. Instead, hire digital forensic specialists who can determine where a breach came from, stop the breach, and recover lost data. Contracting with a team like Secure Forensics is also a smart move for businesses too small to warrant a dedicated IT team.
2. Notify the authorities
Small businesses affected by a data breach have a legal responsibility to notify the authorities. Use this map to find the data breach notification laws in your state.
3. Inform affected customers
Never hide a data breach from your customers. The sooner you inform customers their data has been compromised, the better they can protect themselves against identity theft. Letting your customers learn about a data breach from a third party also degrades trust in your business.
The right response, on the other hand, mitigates damage to your small business’s reputation. Kroll explains how to notify customers of a data breach in a way that both helps your clientele and rebuilds confidence in your business.
Preventing Future Data Breaches
You might think your small business can’t stop a determined hacker from gaining access to your data. However, internal errors are at the root of most data breaches. Negligent employees and contractors are behind 48 percent of data breaches, and problems with internal systems contribute to 35 percent of breaches. By addressing these internal weaknesses, small businesses can greatly reduce their vulnerability to data breaches and fraud.
These are the steps to take to prevent another breach:
1. Conduct a risk assessment
In order to mitigate risk, you need to know where it is. If you have an IT staff with the expertise to run a cybersecurity risk assessment, make the task a priority. Otherwise, hire a company that can identify vulnerabilities and find solutions to your small business’s security risks.
2. Train employees
Do your employees and contractors use strong passwords, know how to identify suspicious emails, and understand the importance of protecting company-owned devices? Regular training is key to eliminating internal vulnerabilities.
3. Protect credit card data
In addition to using PCI-compliant payment processing, small businesses should protect customers’ payment data by using chip-enabled credit card readers, avoiding storage of credit card security codes, and encrypting all stored credit card information.
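One way to check stored customer records against the last two points, as an added example that is not part of the original post: it flags any stored card security code and any cleartext card number, using the Luhn checksum to skip digit runs that are not card numbers. The field names and sample records are constructed assumptions.

```python
import re

# Field names that suggest a card security code is being kept (assumed naming).
CVV_FIELDS = {"cvv", "cvc", "cvv2", "cid", "security_code"}
# 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def audit_record(record):
    """Return a list of findings for one stored customer record (a dict)."""
    findings = []
    for field, value in record.items():
        if field.lower() in CVV_FIELDS and value not in (None, ""):
            findings.append(f"{field}: security code is stored")
        for match in PAN_RE.finditer(str(value)):
            digits = re.sub(r"\D", "", match.group())
            if luhn_ok(digits):
                # Report only the last four digits, never the full number.
                findings.append(f"{field}: cleartext card number ending {digits[-4:]}")
    return findings

def audit(records):
    """Map record id -> findings, for records with at least one finding."""
    results = {r["id"]: audit_record(r) for r in records}
    return {rec_id: issues for rec_id, issues in results.items() if issues}

# Constructed sample records; 4111 1111 1111 1111 is a widely used test number.
SAMPLE = [
    {"id": 1, "name": "A. Customer", "card": "4111 1111 1111 1111", "cvv": "123"},
    {"id": 2, "name": "B. Customer", "card_token": "tok_9f3a", "last4": "1111"},
    {"id": 3, "name": "C. Customer", "notes": "order 1234567890123456"},
]

if __name__ == "__main__":
    for rec_id, issues in audit(SAMPLE).items():
        print(rec_id, issues)
```

Record 2 keeps only a token and the last four digits, and the 16-digit order number in record 3 fails the Luhn check, so only record 1 is reported.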
Preventing data breaches and fraud should be a top priority for any small business that handles customer credit cards, email addresses, and other sensitive data. With proper cybersecurity measures and employee training, many data breaches can be avoided. And when prevention isn’t possible, the proper response and the right team of professionals get your business back on track.