Data Breaches: What Small and Medium Businesses Need to Know

What is a Data Breach?

A data breach is simply when information is accessed without authorization. This can be banking information, health and other personal records, proprietary information, client lists, business plans, HR records, et cetera. If it’s data, it can be breached.

Small and Medium Businesses are particularly susceptible to data breaches, making up 58% of all reported cybercrime victims. There is a common misperception among small and medium business owners and their staff that hackers and cybercriminals only go after the giants like Netflix, Equifax, and others. The truth is, any business can be a target. Because of the lax security of many smaller organizations, they are specifically targeted as the perfect low-hanging fruit for a hacker looking to make some extra money through cyber fraud, data mining, or even selling personal and business records to the highest bidder. Due to the amount of private information contained in medical records, for example, they can sell for up to $1000 each. Maybe your company does not have to worry about protecting medical records. Do you have Human Resources files? Cybercriminals can use stolen personnel records like these for identity theft and sometimes even extortion. 

How do you report a data breach?

If your business is the victim of a data breach, it is important to notify your IT partner as soon as possible. They can help you identify what went wrong and how to reduce the risk of this happening again. You can also file a report with the Internet Crime Complaint Center of the FBI. If your breach resulted in the transfer of funds to a fraudulent account, contact your financial institution and ask them to contact the institution where the transfer was sent. Depending on the financial impact and liability associated with the breach, your insurance company may launch a further investigation. 

Additionally, you may be required to report to your state or other authority, especially if Personal Identifying Information (PII) or Protected Health Information (PHI) is compromised. For example, in Colorado, you only have 30 days from when the breach is identified to notify those affected. If it has affected 500 or more Colorado residents, you must also provide notice to the Colorado Attorney General.

How does a data breach happen?

There are many causes of data breaches, but the biggest vulnerability, by far, is human error caused by a lack of awareness. Stolen credentials resulting from poor password security, for example, are a very common problem. Security Awareness Training is as important for an organization as Internet access.

Breaches can also occur as a result of phishing, malware, lost or stolen devices (like a phone or laptop) that get into the wrong hands, unprotected networks, social engineering, old unpatched security vulnerabilities, and insider misuse, just to name a few.

How much will a data breach cost?

How much do you have? There is no limit to how much a data breach can cost your company. It depends on what was breached and how long it takes to identify and contain it. The average total cost of a data breach for companies of all sizes is $200,000, according to the insurance company Hiscox.

The longer a breach goes unidentified, the more it can cost your business. According to a 2019 report by the Ponemon Institute, the average time to identify and contain a breach is 279 days. Breaches that are caught and contained within 200 days cost about 50% less than those that take longer to manage.

How to reduce the risk of a data breach

Every organization needs to carefully monitor its IT security, especially now, while so much of the workforce continues to work remotely. We have created an IT Security Checklist as a starting point for evaluating your organization’s security policies and procedures. We recommend reviewing these checklist items with your trusted IT partner to ensure that your network and data are secure and that your staff is security-savvy.

Looking for an IT Partner?

Are you looking for more support with your information security, network security, data backup, and Security Awareness Training? We help our customers train their staff and lock down their data and networks so that they are free to focus on what they do best: running the business. We implement reliable solutions that can scale, all while keeping costs under control.

Our approach to delivering the best possible IT service is centered on you. For a free consultation and security assessment, please contact us today.

We know what it’s like to run a business and we know your time is valuable. We can:

  • learn about your business
  • give you some ideas on what improvements you can make right away
  • provide free advice on your approach to IT security solutions

Call (303)-410-2845 or contact us to schedule a free consultation.