As Black Friday, Small Business Saturday® and Cyber Monday approach, and associated tidal wave of ecommerce transactions, businesses should be even more diligent about preparing for a cyber-attack
The holiday shopping season not only brings a surge in sales but often an increase in cyber-crime, and organizations of all sizes – including small businesses – can be victims of a data breach. Experian Data Breach Resolution, which has managed thousands of data breaches for clients, suggests small businesses pay added attention to data security to avoid providing unintentional “gifts” to those who might steal customers’ personally identifiable information (PII).
Thieves prefer to target small to medium – sized businesses (SMBs) because many lack the resources or expertise to manage cyber security. Retailers are especially easy targets for cyber criminals who look to hijack credit card data but customers aren’t the only victims. Among SMBs that suffer a breach, a staggering 60 percent go out of business after six months.
According to Michael Bruemmer, Experian’s vice president at Experian Data Resolution, “An organization categorized as a ‘small business,’ may still manage a large amount of confidential data, including customer and employee records, It’s critical for these businesses that they take steps to prevent a breach and prepare for the chance that a breach might occur. An incident response plan is a critical part of that preparation.”
Recognizing SMB’s are often challenged by limited resources, there are some low-investment approaches to preventing and managing a data breach:
- Conduct risk assessment — identify the most sensitive information that could be at risk. According to a recent study by Javelin Strategy & Research, data breach victims whose payment cards and Social Security numbers were compromised suffered the highest rates of related fraud. Small businesses should understand the data most likely to be targeted and prioritize what is needed to protect that data.
- Put plans in place — investing time in developing a security and incident response plan can save on hard costs later. There are many resources available to help small businesses get started, including Experian’s free Data Breach Response Guide.
- Understand the problem (and make sure your employees understand it, too) — the National Small Business Association’s 2013 Small Business Technology Survey states that nearly a quarter of small businesses acknowledged “little to no understanding of cybersecurity.” It is important that everyone in a business understands how their actions could create vulnerabilities. Train employees on security precautions, including bring-your-own device (BYOD) policies.
- Consider cyber insurance — SMBs generally don’t have a risk manager or IT department dedicated to data security. A good cyber insurance policy can help mitigate cyber security risks. Cyber insurance, however, is not meant to be a substitute for data protection and security policies.
- Listen to the experts — make a list of outside partners that can be contacted when a data breach occurs. Engaging experts in legal counsel and resolution consulting can help businesses prepare to respond quickly and effectively after a breach, which may mitigate regulatory fines, lawsuits and reputational damage. These consequences could result in potentially significant financial losses.
(excerpted from original post at www.experian.com)