A data breach can be a challenge for any business, but this is especially true for smaller businesses. Not only can it be more difficult for a smaller business to recover from a data breach, but criminals may also be more likely to target smaller firms.
When a data breach occurs at a large firm or government agency, it winds up all over the news. If one occurred at a small business down the street, those unaffected would probably never hear about it. But a recent report released by Verizon found that nearly three-quarters of data breaches analyzed last year involved businesses with 100 employees or fewer.
"Most small-business owners simply do not believe they are at risk," says Lynn LaGram, assistant vice president of small commercial underwriting for The Hartford. "The reality is that small businesses are often more vulnerable - making them easier targets."
LaGram says part of the reason may be that small-business owners often don't have the time or resources that larger companies may have to assist them in protecting data. However protecting data may not be as difficult as one would think.
Steps to help prevent a breach
For a business or organization that must handle sensitive customer, patient or employee information, it's important to take measures that decrease the likelihood of a breach. "A data breach can involve electronic or paper records," says LaGram. She shares eight data protection "best practices" for a business:
* Lock and secure sensitive customer, patient, member or employee information.
* Restrict employee access to sensitive information.
* Shred or otherwise securely dispose of all sensitive customer, patient, member or employee information.
* Use password protection and data encryption for sensitive files.
* Update systems and software on a regular basis.
* Use firewalls to control access to sites that could compromise your security and lock out hackers.
* Ensure that remote access to your network is secure.
If a breach occurs
While it's important to take proactive steps to help prevent a data breach from occurring, there's no way to eliminate the risk entirely, so it is also important to have data breach insurance.
According to LaGram, a business owner should consider insurance that provides:
1. Coverage for expenses associated with responding to and recovering from a breach. "Business owners may not realize that they must comply with various notification requirements, which can be costly," says LaGram. Additional advertising expenses to help a business restore its reputation after a breach would also fall into this category.
2. Legal expense and liability coverage. A customer or employee whose personal data is compromised may sue the business owner for damages. This insurance provides coverage for defense costs, civil awards, settlements or judgments that a business owner may be obligated to pay.
3. Access to data security experts to help the business owner navigate the various notification requirements as well as determine the cause of the breach and take steps to prevent it from happening again.
Both consumers and business owners can learn more about what to do if they are involved in a data breach at www.ftc.gov/idtheft.
"A data breach can happen to anyone, so it's important for business owners to be prepared," says LaGram. For more information about protecting your business from a data breach, visit www.hartforddatabreach.com.