Information thieves are going after small businesses in a big way.
At least half of small and medium sized businesses reported they had data breaches involving customer and employee information in the 2016 State of SMB Cybersecurity report by Ponemon. The most prevalent attacks were Web-based and involved social engineering.
While data breaches can damage a company’s reputation, there are potentially devastating financial costs too. In the study, damage or theft of IT assets cost companies an average of almost $900,000. The disruption to operations cost an additional average of $955,429.
Here are 5 data security risks small businesses may need to address now.
- Lack of training: People are the biggest security risk to any sized organization but 78% of SMBs conduct security training just once a year or less, according to an Infosecurity-Magazine.com post. Schedule on-going training so employees understand current threats and know how to avoid them. Support secure work habits by creating a culture of security, and by having a security committee made up of employees from every department.
- Mobile device management: SMBs are embracing BYOD (Bring-Your-Own-Device) but along with increased productivity, enhanced services, and happier employees, there’s an increased risk of data breaches. The National Cybersecurity Institute warned of the “plethora of insecure apps that make it easier for criminals to develop and deploy malware onto mobile devices”. Put a mobile security policy in place, provide the latest and best IT safeguards, and schedule secure disposal and destruction of all mobile devices and hard drives.
- Compliance issues: Nearly 60% of respondents in The State of Small Business in America 2016 survey identified some level of difficulty understanding and managing government regulations and laws. According to the experts, there should be regular audits of information security policies and procedures so that companies – and employees – keep up with industry standards and privacy laws.
- Insecure paper disposal: The Seventh Annual Security Tracker from Shred-it showed that 39% of American small businesses lack any sort of policy for managing confidential paper. Unfortunately, this is still a common security problem around the world. Utilize a comprehensive document management process, and partner with a document destruction provider that has a secure chain of custody and provides locked consoles in the workplace for documents that need to be securely destroyed.
- Employee errors: The Ponemon report concluded that negligent employees or contractors and third parties caused most data breaches. There are many different kinds of employee errors ranging from opening attachment in phishing emails to sending information to the wrong person to putting confidential data into an open recycling bin. In earlier Shred-it research, only 28% of SBOs had a policy that requires all paper documents to be shredded, and 33% had no policy in place. A Shred-it All Policy would remove the risk of error because all paper documents would be shredded before disposal or recycling.
Here is more information about how small businesses can protect their sensitive data.
Start Protecting Your Business
To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.