Even with our modern advances in firewalls, anti-virus software, and spam blockers, the importance of data security has only become more and more poignant in recent years. Remember the data breach at Target last November? If you were personally put at risk (or worse), chances are you won’t be forgetting it anytime soon. I wouldn’t want to be in the shoes of Target reps right now, not with the recent resignation of the CEO, wavering support from their shareholders, and news headlines like “Has Target Learned Its Lesson?” and “Support for Target’s Board Members Narrowed.”
But what if this happened to me and my business?
The Target data breach is just one of many costly, embarrassing, and detrimental data breaches. A Fortune 500 corporation like Target may be able to survive and recover from a breach, but a small business like mine would face a much more potent horror – we could be crippled or lose the business altogether (not to mention the damage to any clients who are also victim). And in fact, breaches are much more common in small businesses than in Target-sized corporations. According to the Verizon 2013 Data Breach Investigations Report, 62% of smaller organizations were aware of breaches that affected them (and this figure would certainly rise if you include those unaware but still affected by a breach).
In an article on CPA Practice Advisor, Greg Sullivan notes, “Cyber attackers no longer hack systems simply to achieve notoriety. They run their operations like a business and want to find ways to maximize the return on their investments.” This statement is in keeping with Verizon’s report, which says that “75% of attacks are opportunistic — not targeted at a specific individual or company — and the vast majority of those are financially motivated.” So, in other words, if you give them opportunity, they’ll take it. Therefore, small business with limited resources have a much higher potential for becoming a target (no pun intended!)
Most of us all employ traditional preventative measures. Yet, times have changed. As our methods for storing data evolve, so do the methods of attackers. Brian Dye, Senior VP of information security for Symantec(makers of Norton Antivirus), has made a startling declaration: antivirus software is dead. By this statement, he points out that cyber attackers are using methods that supersede our soon-to-be-archaic traditional methods of security. This calls for a refresh in our security protocols if we want to keep our businesses and our clients safe. Security protocols should not only include prevention, but also swift and clear damage control in the event of a breach (which is just about inevitable). As CPA Practice Advisor recommends: “Every small business should have a crisis management plan in place that centers on transparent communication between management, employees, stakeholders, customers, and anyone else who may be affected.”
What should that plan entail? Next post, we will take a closer look at the recommended methods for protecting your business, and also address the overlooked necessity of having a plan in place for damage control.
Image courtesy of chanpipat / FreeDigitalPhotos.net
