Top 8 data breach misconceptions
Many small business owners have a hard time distinguishing the hype from the facts when it comes to data breaches. So let's set the record straight.
Common misconceptions even tech-savvy business owners may have about data breaches
Hackers hit their target directly
You may think that hackers simply beat down a point-of-sale system until it breaks, but cyberattackers often infiltrate POS systems via contractors. When Target was hit, hackers first infiltrated the air-conditioning company that serviced Target's corporate headquarters. Because the contractors had access to Target's network, the hackers used that entryway to get inside the retailer's firewall.
Big businesses are prime targets for data breaches
Bad news, small business owners. While big business breaches make headlines, 71% of cyberattacks target small businesses because they don't have the resources to fend off an attack. According to a National Small Business Association survey, 44% of small business respondents were victims of at least one cyberattack. The average cost of each breach? About $8,699. Given that the Ponemon Institute's 2014 Cost of Data Breach Study shows that the cost of data breaches increased this past year by about $13 per stolen record (from $188 to $201 for each breached record), that number is probably even higher today. Plus, that number doesn't account for the cost of interrupted service or reputational damage, which can be the bulk of data breach expenses.
Hackers and identity thieves are one and the same
Contrary to popular belief, hackers don't commit identity theft themselves. Instead, they break into a company's system, download credit card information, and sell that data for about $5 to $20 apiece on underground sites frequented by identity thieves. There is such a thing as the online black market, and it's called the Tor network. This hidden, anonymous part of the web can only be accessed via specialized browsers.
The breached business knows about the hit right away
Unfortunately, the attacked business is often the last to know that it's been breached. It's only after banks discover fraudulent charges that businesses hear about a suspected hack.
Cyber mayhem comes in one form
You may think all cyber hacks are alike, but the truth is that hackers are endlessly creative in their strategies and approaches. According to the Verizon 2014 Data Breach Investigations Report, there are nine common types of cyber hacks. One of the most popular ways to access data is by exploiting vulnerabilities in web applications, such as content management systems (CMS) or e-commerce platforms. In 2013, these types of attacks accounted for 35% of all data breaches. However, POS intrusions, denial of service attacks, and insider misuse are also common types of breaches.
Healthcare's biggest data problem is a mystery
Verizon's 2014 study also shows that 45% of all data breaches in the healthcare industry can be attributed to a lost or stolen laptop, USB, tablet, or smartphone. Mystery solved! When you consider that healthcare records sell for about 10 times more on the black market, there's a lot of incentive to target these types of businesses.
A business can quickly bounce back from a data breach
Think your small business can come through a data breach unscathed? Not so fast. According to a survey by HyTrust, a cloud security company, over 50% of the respondents said they would take their business elsewhere if their personal information was leaked.
Your industry doesn't affect the cost of a breach
Untrue. According to Ponemon's 2014 study, your industry plays a key role in the overall cost of breached data. The average cost per breached record is $316 for healthcare businesses, $236 for financial businesses, $213 for service-based businesses, and $125 for retailers.
6 ways to cut down the data malarkey
Now that you have a firm handle on the true nature of data breaches, it's time to step up your security. Be sure to implement the following pointers to ramp up your fortifications:
Use and update antivirus and antispyware software. Every one of your business's computers, laptops, smartphones, and tablets should have security programs in place. Be sure to install security patches regularly – hackers can use the patches as a roadmap to exploit vulnerabilities in older versions of your protection software.
Only use POS systems for customer transactions. If your business's iPad doubles as a POS system, be sure you ban employees from surfing the web on it, which can introduce malware to your device.
Don't buy from shady online vendors. If you don't know anything about the company, don't trust it with your sensitive financial information. Be especially wary of websites that don’t feature an "https" in their address, which is the sign of a secure site.
Check for leaky web apps. If your small business relies on mobile devices, be sure to install protections that monitor your smartphone's connections and traffic to identify data-leaking apps.
Protect your physical data. As we noted above, one common cause of data breaches for healthcare businesses is the loss of physical devices and records. Be sure to lock up your devices, limit out-of-office use for work devices, and shred documents you no longer need.
Clear your data cache. It's good to keep thorough records, but sometimes, the more data you have on-hand, the costlier you can expect a data breach to be. Make a habit of clearing out files and data, but do work with a legal professional to ensure you don't accidentally delete records you may need later on.