Data Breach Preparedness a Must for SMEs
With so many data breaches happening everywhere in the world, you’d think that all companies would recognise the importance of data breach preparedness.
But when it comes to small and medium sized enterprises (SMEs), recent research shows that’s not the case.
According to Experian’s third annual data breach preparedness study, about half of small companies in the UK have no data breach response plan in place.
Data breach preparedness is the process of ensuring that a workplace is in a state of ‘readiness’ to contain a data breach. Here’s why this is so important.
Not if, when: Thinking that you’re not going to be targeted can impact basic security hygiene, warned Amandeep Lamba, director of cybersecurity at PwC, in the 2015 ebook, The Data Risks of SMBs . According to the PwC Information Security Breaches report, 74% of SMEs experienced a data breach last year.
Hackers love SMEs: SMEs have more digital assets than an individual but less security than a larger enterprise, making them an ideal target for hackers.
Cost: The Ponemon 2015 Cost of a Data Breach Study found that the average cost of a data breach is now a staggering £2.37 million. Fines, reputational damage, loss of trust, and long-term loss of customers are all consequences of a data breach. In the Experian study, 64% of consumers said they might not use a SME again if it were hit by a data breach.
Easier targets: Cybercriminals know that smaller organisations are generally less prepared than larger ones. In earlier research, insurance broker Towergate Insurance reported that most smaller companies did not prioritise online security improvement.
Supply chain: Small companies are often hacked not for the data they possess but because they are stepping stones to larger companies in the supply chain.
Financial vulnerability: In the Experian study, 77% of SMEs said the financial impact of a breach would affect day-to-day operations. An earlier study by US organisation the National Cyber Security Alliance found that 60% of small firms go out of business within six months of a data breach.
Insiders: Insider fraud cost £2.5 trillion across the globe in 2014, according to the Association of Certified Fraud Examiners. All companies should know that even tight-knit, smaller workplaces have insider fraudsters.
Here’s how companies can improve their preparedness and data breach prevention:
- Assume you’re a target. Create a culture of security in the workplace from the top down.
- Introduce formal security policies that extend to mobile devices too.
- Put a data breach response team in place.
- Create a data breach response plan – and practice it.
- Identify valuable data, and back it up.
- Educate employees to recognise signs of a breach and inside fraudsters. Compliance training is also important.
- Utilise a security platform that can detect and block. Ensure that all safeguarding software is patched and up-to-date.
Another way to protect your workplace is to implement secure information management and destruction policies.