3 min read

7 Tips for Reducing the Risk of Data Privacy Breaches

Dec 18, 2013 3:25:00 AM

data privacyDuring 2012, 55 percent of small businesses experienced at least one data privacy breach and 53 percent encountered multiple breaches, according to the Ponemon Institute. Despite this, the National Small Business Cybersecurity Study found that only 10 percent of small businesses have an allocated staff member who is responsible for online and cyber security.

To further aggravate the problem, many small companies have a 'bring your own device' (BYOD) policy, and workers own (and bring to work) more devices than ever before, including laptops, cell phones, and tablet computers. Skilled hackers can access the company network through a company email account and extract or erase sensitive data, and you are susceptible whether you are storing data through a cloud service or internally.

There is an obvious need for small business owners to take greater steps to reduce data privacy breaches. The good news is that there are a few steps you can take to dramatically reduce the risk of a data privacy breach.

1. Store sensitive data securely

Removable storage devices, including thumb drives and CDs, should be kept with paper files in a secure area such as a locked cabinet, drawer, or safe. Restrict access to these areas to only those who have the need for the information.

2. Create a comprehensive network security policy

Your network security policy should:

  • Make sure that all employees, partners, and owners have a solid understanding of what data the business has and owns, and which of this shareable.
  • Specify changing the network password periodically while ensuring that no employees are saving the password on handwritten notes or computer files.
  • Feature standards for remote access to the network.

Remind employees of details of the policy on a regular basis to avoid an unintentional data privacy breach.

3. Use data protection tools

You can assume that any cyber thieves will be experts at finding weaknesses in your system. Installing and regularly testing encryption software is essential to protect data that is on a computer and being transmitted. You should also install a firewall to secure against unauthorized access between your network and the Internet. Solutions can be inexpensive or can cost thousands of dollars to protect highly sensitive data.

4. Conduct background checks

One of the main causes of a privacy data breach is workers, vendors, or contractors. You should conduct a background check on anyone who needs to access your confidential information. You can then create levels of users within the network and assign appropriate access. Everyday tasks, like checking emails, should always be completed through a separate rights account than the one used for accessing confidential data.

5. Properly dispose of sensitive data

You cannot simply reuse or recycle equipment and documents without taking security measures. Papers containing sensitive data must be shredded and devices cleared of information. This may seem obvious, but improperly deleting data from computers and storage devices is a common mistake that can lead a hacker to uncover information you thought no longer existed.

6. Get covered with insurance

Even if you have taken all of the above steps, you are never completely safe from a data privacy breach. Use a third party to build an insurance program that will protect you from the costs of cyber liability.

7. Develop an incident response plan

An incident response plan should include details about where and how confidential information is stored, how data is backed up, and who has access to the data. It should also feature a list of contacts whom you will need to notify immediately such as law firms, credit monitoring companies, forensic data experts, and public relations firms. Responding quickly to an attack will help you get back on your feet as soon as possible and minimize the damages.

Data privacy breaches are not just inconvenient - the cost to recover from them can be significant and the interruption to the normal flow of your business substantial. By taking the steps outlined above, you can greatly reduce the risk of a data privacy breach to your business.

New Call-to-action


Written by Gibson

Gibson is a team of risk management and employee benefits professionals with a passion for helping leaders look beyond what others see and get to the proactive side of insurance. As an employee-owned company, Gibson is driven by close relationships with their clients, employees, and the communities they serve. The first Gibson office opened in 1933 in Northern Indiana, and as the company’s reach grew, so did their team. Today, Gibson serves clients across the country from offices in Arizona, Illinois, Indiana, Michigan, and Utah.