Last week, we looked at the ways in which small businesses can be the targets of data breaches in our post “Cyber Insurance: Why It Matters, Where You’re Exposed.” In general, small-business owners might not understand how data breaches work, and so they don’t take the security steps to avoid them.
But small businesses can be affected by cyber crime even when they aren’t the primary targets of the breach. Technology trends and analysis site CIO.com points out a subtler way that big-name data breaches (such as Target’s last year) affect small businesses: by disrupting their automated payments.
How Big-Box Data Breaches Put Stress on the Little Guy
Imagine you are a small-business owner who relies on monthly customer subscriptions – a magazine or a yoga studio, for example. To make it easy on your customers, you allow them to sign up for automated payments. Once a month, a fee is automatically deducted from their accounts and placed into yours.
But here comes the Target data breach, which according to CIO.com, affected 84 percent of financial institutions. Bank after bank deactivates their clients’ debit and credit cards as a precaution. Next month, several of your customers’ automatic payments can’t be processed because their cards have been disabled and they forgot to update their information with your yoga studio.
Now you’re out a good portion of your monthly revenue, and you’ll have to put in extra hours to contact your customers and ask them to fulfill their payments.
How Can Small Businesses Avoid the Costs of Data Breaches?
As CIO.com reports, it’s “easy” to think that hackers will never target your business. But with the growing number of big-name breaches, it won’t be so easy to escape their wrath.
So what do you do? Try these tips:
- Make a plan. On CIO.com, Dr. Larry Ponemon, founder of the Ponemon Institute, notes that companies – big and small – need an “Incident Response Plan.” This is written protocol that outlines your data breach response. The average data breach already costs businesses about $3.5 million (think lost revenue in addition to the data breach investigation and repair). But Ponemon says that without an Incident Response Plan, business can expect the average cost to rise 10 to 15 percent.
- Have a form email ready. Because you can be affected by other business’s data breaches, have a form email or letter ready so you can notify your customers that they need to update the credit cards they have on file with your business. This saves you a lot of time and energy in the long run.
- Hire a security consultant. Ponemon also recommends hiring a professional to take a look at your data security defenses. Does your business allow employees to use their own devices at work? Do you encrypt sensitive information? Do you use secure passwords? An IT professional can take a look at these issues and much more.
- Get Cyber Liability Insurance. Cyber Liability Insurance helps businesses pay for the cost of a data breach – notifying customers, investigating and repairing the breach, offering credit monitoring services, and more. It’s important to realize that the other liability insurance you may have (General Liability, for example) does not protect your business from the cost of a data breach.
For more information on cyber security, check out our other blog posts on data breaches.