During 2012, 55 percent of small businesses experienced at least one data privacy breach and 53 percent encountered multiple breaches, according to the Ponemon Institute. Despite this, the National Small Business Cybersecurity Study found that only 10 percent of small businesses have an allocated staff member who is responsible for online and cyber security.
To further aggravate the problem, many small companies have a 'bring your own device' (BYOD) policy, and workers own (and bring to work) more devices than ever before, including laptops, cell phones, and tablet computers. Skilled hackers can access the company network through a company email account and extract or erase sensitive data, and you are susceptible whether you are storing data through a cloud service or internally.
There is an obvious need for small business owners to take greater steps to reduce data privacy breaches. The good news is that there are a few steps you can take to dramatically reduce the risk of a data privacy breach.
1. Store sensitive data securely
Removable storage devices, including thumb drives and CDs, should be kept with paper files in a secure area such as a locked cabinet, drawer, or safe. Restrict access to these areas to only those who have the need for the information.
2. Create a comprehensive network security policy
Your network security policy should:
- Make sure that all employees, partners, and owners have a solid understanding of what data the business has and owns, and which of it is shareable.
- Require that the network password be changed periodically, and ensure that no employee saves the password in handwritten notes or computer files.
- Feature standards for remote access to the network.
Remind employees of details of the policy on a regular basis to avoid an unintentional data privacy breach.
3. Use data protection tools
You can assume that any cyber thieves will be experts at finding weaknesses in your system. Installing and regularly testing encryption software is essential to protect data both when it is stored on a computer and when it is being transmitted. You should also install a firewall to guard against unauthorized access between your network and the Internet. Solutions can be inexpensive or can cost thousands of dollars to protect highly sensitive data.
4. Conduct background checks
Workers, vendors, and contractors are one of the main causes of data privacy breaches. You should conduct a background check on anyone who needs to access your confidential information. You can then create levels of users within the network and assign appropriate access. Everyday tasks, like checking emails, should always be completed through an account with separate rights from the one used for accessing confidential data.
5. Properly dispose of sensitive data
You cannot simply reuse or recycle equipment and documents without taking security measures. Papers containing sensitive data must be shredded and devices cleared of information. This may seem obvious, but improperly deleting data from computers and storage devices is a common mistake that can lead a hacker to uncover information you thought no longer existed.
6. Get covered with insurance
Even if you have taken all of the above steps, you are never completely safe from a data privacy breach. Use a third party to build an insurance program that will protect you from the costs of cyber liability.
7. Develop an incident response plan
An incident response plan should include details about where and how confidential information is stored, how data is backed up, and who has access to the data. It should also feature a list of contacts whom you will need to notify immediately, such as law firms, credit monitoring companies, forensic data experts, and public relations firms. Responding quickly to an attack will help you get back on your feet as soon as possible and minimize the damage.
Data privacy breaches are not just inconvenient - the cost to recover from them can be significant and the interruption to the normal flow of your business substantial. By taking the steps outlined above, you can greatly reduce the risk of a data privacy breach to your business.