If the fallout from this summer's NSA surveillance scandal has taught us anything it's that privacy isn't just for those with something to hide. Every business large or small is entrusted with company and/or customer confidential data that it needs to keep safe. Absolute privacy for that data is something that customers have every right to expect. The threat of security attacks is global and the potential consequences for any small business deemed responsible for a data breach can be severe, especially where, as in the case of an independent financial services advisor or a small medical practise, they are part of a regulated industry.
According to the 2013 Information Security Breaches Survey by the Department of Business Innovation Skills 87% of small businesses (SMBs) in the UK experienced a security breach last year. In addition, affected companies experienced roughly 50% more breaches on average than a year ago. And if this wasn't already enough the global rise in cyber-crime is leading to calls for a more vigilant regulatory environment.
Henceforth, it looks as if privacy and security are destined to go hand in hand.
Any small business that thinks their modest size means they are not a target for cyber criminals only needs to look at the bigger picture. Taken together SMBs represent a substantial proportion of the market. 2020 Vision - the Future of Business has predicted that entrepreneurs may outnumber big businesses by 2020.
While big corporations have teams of people to deal with data security, small businesses have widely varying degrees of resources. Some do have dedicated staff for IT and security, even privacy; while others have decided to contract all of that out to a professional firm. Most often, however, the smaller businesses will combine the role of PA, secretary or office manager with that of head of data security. When you add in the fact that SMBs tend to lack the IT resources and the security budgets needed for state-of-the-art cyber defences you begin to see why cybercriminals might regard them as fair game.
The UK's Federation of Small Business this year found that 41 percent of members had been a victim of cyber-crime at an average cost of £4,000 per business. Around three in 10 members had been a victim of fraud, typically by a customer or client (13 percent) or through 'card not present' fraud (10 percent). Elsewhere research by Ponemon Institute showed the cost of data breach has continued to rise for the sixth consecutive year - the average cost per capita jumped from £79 to £86 last year. Negligence remains the main cause of data breaches, closely followed by malicious or criminal attacks.
Thankfully there are a few simple things small businesses can do to protect themselves for example:
• Make sure your patches are up-to-date and that not everyone in your organisation has an admin password. Restrict the access rights of people who don't need them.
• Educate employees on data security policies and procedures
• Insist on strong passwords - and don't make the password 'admin' or 'password'! Encrypt your wifi and ensure everyone's computers are running the latest versions of software.
• Take stock of the data you routinely gather and accumulate. Retain only the information you actually use and destroy unneeded information.
• Look beyond your own four walls. Work closely with all third parties to ensure proper security procedures are employed after data leaves your immediate control.
• Create crystal-clear policies on the use of laptops, tablets, and mobile devices outside of the office and only allow them to have the base minimum of company data. Stolen portable devices are a leading cause of critical data breaches. Employees should be able to access any data files they need in the cloud, without having to download or retain anything.
• Know the law in relation to data security and breach notification. Consult a law firm with a speciality in this area. Because regulations change and case law evolves, budget for a yearly review of your policies.
• Finally, take out insurance. You should consider data breach coverage as essential as property, liability, fire, and theft.
For most small businesses, the boss' chief concern is making payroll every month and growing the business year-on-year. This is natural and understandable, but neglecting details like client data protection and security can cause serious reputational damage. Having robust, demonstrable privacy and security practices on the other hand can help a small businesses elevate and differentiate itself from the competition.
You may think your business has privacy and security all sewn up. But does it really? Why not take a few minutes to find out by taking this quick small business IT security health quiz.