According to a June 4, 2019 Security Magazine article, “cybercriminals exposed 2.8 billion consumer data records in 2018, costing more than $654 billion to U.S. organizations.” Personally identifiable information (PII) was the most targeted data, with 54 percent of stolen PII being date of birth and/or Social Security Numbers.
In addition, “name and physical address (49 percent) and personal health information (46 percent) were the second and third most commonly compromised type of PII in 2018.”
Based on the above, and the just-released 2019 Verizon Data Breach Investigations Report (DBIR), in which Verizon found that 43% of data breaches happened to small businesses, I have listed below my four data breach best practice tips to help small businesses prepare for and limit their exposure to a data breach event.
Best Practice #1 – Every small business needs to understand how and where its technologies and systems commingle with the cybersecurity threat landscape. However, staying on top of all the security news and knowing the latest security trends is a time-consuming and challenging task. I recommend regularly reading Brian Krebs, who is the author of a daily blog covering cybersecurity, data breach and cybercrime trends.
Best Practice #2 – Have a written information security and governance policy and update this policy each year. Once complete, have every employee—even if your business has two to five employees—sign this information security policy document acknowledging that they have read, understand and agree to said policy.
Best Practice #3 – Have a data breach risk management plan in place. The lack of cybersecurity preparedness, data breach planning and employee privacy training has made small businesses a target for cyber criminals. Your data breach risk management plan should include pre-breach planning with a focus on an information security risk assessment and employee education and awareness. It should also include post-breach planning with a focus on state and federal breach notification laws and a list of incident response vendors such as your insurance broker, legal services, forensic services, and public relations.
Best Practice #4 – Every small business owner should consider having a cyber liability insurance policy, which can help protect your business from cybercrime and a data breach event. The CEOs and CIOs of Equifax and Target were not fired because they were hacked or breached; they were fired for their failed management response to their breach events. Cyber insurance can help your business be resilient and compromise-ready.
With the threat environment changing so quickly, chances are your security policies and procedures (if your business has security policies and procedures) are not keeping up, just as state and federal laws are not keeping up with the newest technologies.
Cybersecurity is an area of your business you can’t afford to ignore. These four data breach best practice tips will help your small business respond to new threats along with the changing regulatory environment.
By Mark Pribish, VP & ID Theft Practice Leader
Merchants Information Solutions