A recent Fortune Magazine analysis concluded that big businesses rarely see substantial effects on their bottom lines from information security breaches.
Even with a data breach that cost Target more than $100 million in 2014, the company’s loss amounted to less than 0.1 percent of its sales for that year.
The situation is dramatically different for small companies and entrepreneurs who do not have the luxury of size and scale to absorb that kind of loss.
Related Article: You Had an Ongoing Data Breach for Months. How Could You Not Know?
Unlike the loss at Target, a single-location restaurant in Bellingham, Washington went out of business in 2007 after hackers stole 22 credit card numbers through a payment processing system that the restaurant owner had purchased on eBay.
The owner paid $7,000 in fines and $5,000 in remediation costs, and spent almost a year on efforts to remediate a problem from which his business did not recover.
By Many Measures, the Data Security Landscape for Small Businesses Is Grim
Kaspersky Lab estimates that the average direct out-of-pocket spend is $38,000 for small businesses that experience a data security breach.
Those data breaches also cost small businesses an average of $8,000 in indirect recovery costs.
Shifting data operations into the cloud is not a failsafe answer. Data compiled by Arbor Networks reveals that cloud-based data systems are seeing an increasing number of Distributed Denial of Service (DDoS) attacks since 2013.
Data can be lost not only through malicious system attacks, but also through system and program coding errors.
In early 2016, San Diego County reported that confidential employee personnel records were accidentally provided to Wells Fargo Bank through a data transfer coding error in a Hewlett Packard Enterprise system.
Limiting access to your physical plant with RFID keycards poses its own risks.
Hackers can use stealth technology to read and copy RFID keycard information, and then use that information to gain entrance to your facilities.
What Can Small Businesses Do to Protect Themselves?
Data security experts typically begin with the human side of security risks.
A single careless employee who misplaces a company cell phone, tablet or laptop can compromise more customer information than a determined hacker who aggressively targets a business’s data systems.
Employees who open email attachments from unknown sources or who access information from risky websites will also expose a company to multiple data security risks.
Small businesses need to educate their employees on data and system integrity.
They also need to implement balanced policies that allow employees the necessary freedom to do their jobs while limiting access to those parts of the Internet that are known sources of problems.
Jay Allsopp, blogger at Tech Daring, suggests that employers spend time discussing secure passwords with their employees.
Allsopp offers great advice on how to create passwords that hackers can’t easily guess:
"Here’s one way to do it. Think of a phrase that means something to you, a phrase that you have said before or one that you’ll remember, like, 'I have 1 daughter, 2 sons, and a beautiful wife of 18 years!' Your password would be 'Ih1d2saabwo18y!' You could use a sentence that incorporates your favorite sports team, your ideal wine along with the year it was bottled, or something else that has multiple words and a few numbers in it. Ideally, you should include a symbol or two as well."
Passwords like these will help protect companies from data breaches that could cost them thousands, even millions, of lost dollars.
There Is No Single Solution
Entrepreneurs generally understand that no single solution will fully address a data security risk.
Their small businesses should examine multiple different control systems that offer protection at all levels of the business, from encrypting employee and customer information that is communicated electronically, to enhanced firewall technology and access control to physical facilities.
These systems are more affordable now and amount to an easy insurance program that will cost far less than addressing a data breach.
If a data breach does occur, an entrepreneur needs to take immediate action to stem any losses and to communicate with vendors, employees and customers that are affected by the breach.
An immediate response might cause a business interruption that a small business can hardly afford, but the short-term interruption and losses will be easier to manage and absorb than any long-term problems that will result from data breaches that are ignored.
Big businesses will always have more resources to protect themselves and to absorb losses if or when they occur.
Perhaps because big businesses are implementing more robust data security systems, small businesses are increasingly in the hackers’ cross-hairs.
Related Article: Internet of Things: Security, Compliance, Risks and Opportunities
One out of every 125 emails now incorporates some form of malware, and the great majority of those emails are targeted at companies that employ fewer than 2,500 people.
Your small business is a tributary that hackers can use to access larger data streams that the big companies are protecting.
You can protect your business’s data now, or suffer the consequences later.