One in five businesses has suffered a data breach or cyber attack, and if you ask most business owners they will tell you they are prepared! Really?? Think about that. Twenty percent of all businesses have suffered a loss of their clients’ personal and private information. Let’s talk about how a data breach can ruin your business and take a look at some data breach statistics:
- Facebook – 50,000,000 Client Records Exposed – Social Network
- MyHeritage – 92,283,889 Client Records Exposed – Genealogy
- Google Plus – 500,000 Client Records Exposed – Social Network
- Orbitz – 880,000 Client Records Exposed – Travel
- Marriott/Starwood – 500,000,000 Client Records Exposed – Hotel
- TicketFly – 26,151,608 Client Records Exposed – Event Ticket Distribution
- T-Mobile – 2,000,000 Client Records Exposed – Mobile Communication
- Panera – Unknown Number of Client Records Exposed – Restaurant
- Saks Fifth Ave/Lord and Taylor – 5,000,000 Client Records Exposed – Clothing Stores
An impressive array of who’s who in today’s commerce marketplace! What do they have in common? All of these businesses suffered the data breaches mentioned above in 2018! Did you notice how there’s no one type of business that’s singled out? From clothing stores to hotels, from travel services to social networks, cyber risk or data breach knows no boundaries. No business, large or small, is immune.
What is a Data Breach?
According to Missouri State Statute and some specific information taken from the Missouri Secretary of State’s website, a data breach in Missouri is a:
- “‘Breach of security’ or ‘breach’, unauthorized access to and unauthorized acquisition of personal information maintained in computerized form by a person that compromises the security, confidentiality, or integrity of the personal information. Good faith acquisition of personal information by a person or that person’s employee or agent for a legitimate purpose of that person is not a breach of security, provided that the personal information is not used in violation of applicable law or in a manner that harms or poses an actual threat to the security, confidentiality, or integrity of the personal information; Personal information is a combination of (1) name or other identifying info, PLUS (2) one or more of these ‘data’ elements: SSN; driver’s license number; or account number, credit card number, debit card number if accompanied by PIN, password, or access codes PLUS medical data.”
Of course this is just information taken from Missouri. Broader definitions may apply to your specific situation.
What Causes a Data Breach?
Data breaches or loss of personal information may occur for a variety of reasons. Typical reasons that data breaches occur at a business include:
- Poor handling of customer personal information;
- Inadequate security and protection of a client’s data;
- Improper disposal of outdated client documents;
- Improper disposal of your outdated computers, disks and other electronic files that may contain client personal information;
- Theft of your company computer equipment and sale of client data held on those computers;
- Current employee theft of client information;
- Ex-employee theft of client information;
- Hacker attacks on your internally stored client information;
- Hacker attacks on externally stored client information;
- Digital viruses and other methods used to steal client payment and credit card information at the time of a purchase or order.
Do not underestimate those who want to prey on your clients’ personal information by hacking into your business’s network, personal computers and servers. You need to believe that it really is a war of small business against the bad guys!
What Does a Data Breach Cost Small Business?
A 2017 Ponemon Institute Report of Cybersecurity in Small and Medium Sized Business indicates that 61 percent of respondents surveyed said their companies experienced a cyber attack in the previous 12 months. The report goes on to indicate that those businesses incurred an average of more than $1,000,000 in costs because of damage or theft of IT assets.
Think about this. Travelers Insurance Company indicates that:
- 1 in every 3 data breach incidents happens to businesses with fewer than 100 employees;
- And 60% of small businesses that suffer a cyber attack or data breach will have to close up their business within 6 months following an attack.
- $217 is the average cost for each client record exposed or compromised.
Let’s do some math. If your company holds 300 customer files with personal information and you suffer a data breach loss, if you’re average, that means you will potentially spend $65,100 on legal, notifications and other steps you must take. That’s a small business! What if your business holds information on 1,000 clients? $217,000!
Cyber attacks not only have an associated direct monetary cost, but there are additional, unexpected losses that may be incurred. Loss of income due to loss of business, loss of client trust in your business, not to mention the potential for lawsuits for damages, are just a few of the additional costs a small business may incur.
Is Your Business Prepared?
In Missouri, any business that suffers a cyber attack data breach must discover whether personal information could be misused. The Missouri Secretary of State indicates that businesses are legally required to notify those affected by the breach as soon as possible by telephone, email or mail. If the breach affects more than 150,000 people or the cost of notification exceeds $100,000 then the business may use public service announcements rather than direct notifications to each individual involved. The Missouri State Attorney General’s Office and all consumer reporting agencies must be notified when a data breach affects more than 1,000 consumers.
Steps You Can Take to Protect Your Business From a Data Breach
I’d like to say it’s a simple thing to properly protect your business from a data breach or cyber attack, but it is not. Most business owners do not realize that they are in a full-scale war against cyber crime. A war against cyber hackers and those who want to steal their clients’ information. But it’s not only their clients’ information at risk, as I’ve pointed out above.
Yes, it’s stealing. How about another word: robbery? How about theft? I’d venture to say most business operations are more prepared and ready to respond against a physical robbery or physical break-in than a cyber attack. While the physical assault potential may have increased over the past few years, the opportunity for loss from cyber attacks has grown exponentially. After all, what crook wants to hold a gun in a business owner’s face when they can simply rob the business blind while sitting on their couch at home!
Kind of sad if you think about it. The crooks have moved ahead while so many business owners have not. The crooks or thieves who practice cyber attacks and cyber theft or data breach are well schooled in the data protective measures available to small business owners. And they know how to breach a small business owner’s network. They know how to scrape client data. And they know how to sell that data to those who pay a top price.
So do the normal steps everybody preaches about in data protection really work? Not really sure about that, except to say: if you do not practice the basics, how can you not be exposed to a higher potential loss from cyber attacks?
A few basic steps you must have in place to protect your business:
- Secure your hardware and business network:
  - Passwords – Develop strong, complicated passwords for all applications;
  - Firewalls – Implement strong firewalls to protect access;
  - Antivirus – Implement and use strong antivirus software;
  - Control Access – Give out limited access to your business network. Always know who has access and at what level;
  - Encrypt online data.
- Identify potential risk threats to your business;
- Educate your employees about Cyber Risk Exposures;
- Back up your data;
- Update your network operating systems;
- Conduct Cyber Risk Assessments;
- Insure against Cyber Attacks and Data Breach – Protect your company by securing proper Cyber Liability and Data Breach Insurance.
Nothing new here! Of course, if your company conducts online business, has gathered and uses online client data to conduct business transactions, or otherwise has access to or stores your clients’ personal information, you must develop a written cyber protection program. You should consult with Cyber professionals and look for external help in designing, implementing, monitoring and controlling your business’s risk exposures to loss from Cyber Crime.
Hope this helps you out! Thanks for reading!