A data breach can be catastrophic to a small business

If you’re using the Internet, your customers’ data – along with all of your company’s sensitive information – is vulnerable to attacks. As a business owner, you collect customer data every day.

Although not widely publicized, the majority of data breaches happen to small and mid-sized businesses. Surprised? Consider this:

  • According to the Small Business Administration, 44% of small businesses have suffered some degree of data breach, and those companies had costs averaging $8,700 to repair the damage
  • 72% of all data breaches each year occur in smaller companies
  • One third of U.S. retailers that experienced a data breach within the past year were compromised via third-party vendors
  • 65% of businesses go without data breach insurance – even though most of them cite data breaches as their number one concern
  • On average, 30,000 websites are hacked every day and distribute malicious code to any users passing by

When a small business suffers a data breach, the fallout can be catastrophic. A single breach can trigger a variety of financial damages, including:

  • Lawsuits (and the attendant legal costs) from clients whose data and security were compromised. These alone can reach into the thousands of dollars and beyond.
  • Site repair costs to address security issues that allowed the breach to happen.
  • Public relations and / or advertising costs to restore the company’s image among current and potential clients.
  • Lost confidence and lost future business from current and potential clients whose confidence is shaken by the data breach.

Data breaches can happen in a number of ways:

  • You or an employee opens an email that contains a damaging virus which spreads itself to everyone on your contact list, including clients. The virus hurts your business’s computer system as well as your clients.
  • A disgruntled employee, or a former employee who left on bad terms, accesses your system, encrypts your data or otherwise wreaks havoc.
  • A virus compromises your company website, forcing you to redo the site.
  • A hacker finds a way into your system and outright steals data from your files. Hackers often see small businesses as prime targets because the data they store is typically less diligently protected than the data held by large corporations.

Any of these scenarios could cause your clients financial loss, open your business to lawsuits, force you to shut down operations while you address the problem, and damage your reputation with current and prospective clients. The associated costs could quickly spiral out of control.

Tips to Manage Your Cyber Security Risks

Adopt a privacy policy and implement the following “best practices” to help reduce your risk of a breach:

  1. Lock and secure sensitive customer, patient or employee data
  2. Restrict employee access to sensitive data
  3. Shred and securely dispose of customer, patient or employee data
  4. Use password protection and data encryption and update regularly
  5. Update systems and software on a regular basis
  6. Use firewalls to control access and lock out hackers
  7. Ensure that remote access to the company’s network is secure
  8. Invest in cyber liability insurance. Most CGL policies do not include cyber risk coverage or offer only limited coverage without an endorsement.

Check with The Head Insurance Group, Inc., 303-955-2651, for a free review. Either an endorsed CGL policy or a stand-alone Cyber Risk policy will help pay for the legal and recuperative costs associated with a data breach that affects your company.

Data breach notification is a good privacy practice

Notifying individuals when a data breach involves their personal information supports good privacy practice and in many states is the law.  Prompt notification may help individuals restore control over their personal information.  Once notified, the individual can change passwords or account numbers, monitor accounts, or request the reissue of documents.  Notification can also demonstrate to the public that the business takes the security of personal information seriously and is working to protect affected individuals from the harm that could result from a data breach.

At least 85% of small businesses share customer and employee records with third parties such as those providing billing, payroll, employee benefits, web hosting and information technology services. Even though sensitive information is more likely to be compromised when the data has been outsourced, 62% of small businesses do not have contracts with third-party providers that require the third parties to indemnify the business and/or cover all the costs associated with a data breach.

The primary causes of data breaches are:

  • lost or stolen laptops, removable storage devices, or paper records containing personal information
  • hard disk drives and other digital storage media being disposed of or returned to equipment lessors without the contents first being erased
  • databases containing personal information being ‘hacked’ into or otherwise illegally accessed by individuals outside of the agency or organization
  • employees accessing or disclosing personal information outside their authorization
  • paper records stolen from insecure recycling or garbage bins
  • mistakenly providing personal information to the wrong person by sending personal information to the wrong email address

Colorado, as well as 47 other states, has enacted security breach notice laws. In addition to state law, federal law requires notice for certain types of data breaches.

If you are not certain that you have the right coverage in place for your business, give us a call today.