In the last few years, small business owners in particular may have become aware of the large and growing risk that data breaches may pose for them, especially given that many hackers have begun to specifically target them more recently. However, with the dearth of reports coming out about the potential sources from which these incidents can originate, it may not always be easy for entrepreneurs to know where they should focus their prevention efforts.
Given the amount of reports now being published every year about the ways in which data breaches can originate, many small business owners would probably be forgiven if they aren’t able to sort it all out, and this is especially true given how disparate the findings of these studies typically are, according to a report from the Wall Street Journal. For instance, a recent study from Verizon showed that 92 percent of data breaches committed in the last year were caused by outsiders trying to gain access to sensitive information held by an organization, while another, published by PricewaterhouseCoopers found that nearly three in five were caused by either current or former employees. Those findings, too, clashed with recent data from the Ponemon Institute, which found that human errors and system issues were the cause of close to two-thirds of all such incidents.
This jumble of information can make it extremely difficult for companies, particularly smaller ones with limited budgets – either financial or time-related – for dealing with data breach threats to determine where they should turn first, the report said. That, in turn, can leave them vulnerable as they hustle to cover as many bases at the same time as they possibly can.
“When you read the Ponemon report, the first reaction is most data breaches are non-malicious and non-criminal,” Larry Ponemon, chairman of the digital research firm Ponemon Institute, told the newspaper. “Then you read the Verizon report and find most breaches are a result of exfiltration of data, hackers, bad guys.”
Other studies on data breaches likewise can create confusion about how much they can cost companies, the report said. Therefore, it may be wise for small business owners to focus on what they can do on their end and not worry so much about what industry-wide data might suggest is their biggest problem.
What that can mean for companies
When it comes to actually building protections against data breaches, often the simplest steps for small companies are the best ones to take. For instance, taking the time to educate workers on the ways in which they should be handling sensitive data – which can range from everything including clients’ personal or business contact information such as their names, dates of birth, Social Security numbers and the like, to financial details including credit card or bank account numbers – can go a long way to making sure that they do not expose anything they shouldn’t. Similarly, letting them know about the potential for phishing threats that they may end up facing could likewise help to safeguard a small company’s online accounts from being hacked with relative ease.
Another important part of ensuring that such enterprises are protected from data breaches is by owners making sure their companies have sufficient tech insurance coverage. This type of small business insurance is designed specifically to help enterprises remediate the costs associated with cleaning up in the wake of such an incident. Often, depending on the size of the incident, these costs can stretch into the hundreds of thousands of dollars or more and significantly endanger small businesses financially.
