November 29, 2022
Data breaches and their subsequent costs are a growing concern for businesses, big and small. According to the Identity Theft Resource Center, from 2020 to 2021, data breaches increased by 68%. IBM reports that over the past five years, the cost of a breach, having increased to an average of approximately $4 million, could impact any business as they face potential regulatory actions, fines, legal fees, and the loss of customers.
The cost of data breaches could especially take a toll on small businesses. The Shred-it® 2022 Data Protection Report (DPR) found that 55% of the small business leaders (SBLs) surveyed indicated that they do not feel they have adequate resources or support to navigate today’s data and information protection regulations that can put them at risk of both monetary and brand damage.
Small business owners should consider implementing the following data protection tactics:
Know your data. Understand the answers to these questions: What types of data do you have (both physical and digital)? Where can it be found? Who has access to this data?
Audit your business for risks/risk assessment tools. The DPR found that over 66% of the SBLs surveyed fear that their business is vulnerable to a data breach. Once you have an understanding of what data is stored where, the next step is to evaluate the risks associated with current practices.
Train employees. Almost half (48%) of the SBLs surveyed in the DPR believe employee error is a source of data breaches. Although employee training can be expensive, it can help small businesses in the long run and will help protect against the potential fees and customer loss that could stem from a data breach.
Implement policies and procedures. Outline clear steps for employees to follow. For example, a clean desk policy helps ensure physical documents are shredded or locked away and that all technological devices are password protected each time an employee leaves a workspace. In addition, a Shred-it-all policy encourages shredding all documents to help ensure physical confidential information is not left vulnerable.
Other policies to consider include record retention, bringing-your-own-device, email and internet-use policies, and workstation safety policies. Clear plans can help prevent costs later and protect the organization, employees, and valued customers.
Follow legal regulations. Privacy legislation exists at several levels of government - federal, state, county, and municipal. It is important to identify and understand the data privacy legislation that may apply to your business.
Develop an incident response plan. An incident response plan is a documented, written plan for IT professionals and staff, which details specific actions that will help mitigate the negative effects of a data security issue. These plans are designed to save time and reduce staff stress should a data breach occur, as it keeps all personnel aware of their assigned duties. Without an intentional plan and designated tasks, companies can risk worsening the incident and damaging their reputations and budgets.
Small business owners have many responsibilities. The DPR found that nearly 8 out of 10 leaders surveyed believe that they are disproportionately affected by data breaches compared to larger businesses with more resources. Trusted partners, like Shred-it®, can help businesses understand how they can improve their physical data security policies and practices. With the work environment constantly changing and hybrid work environments remaining prevalent across multiple business sectors, small businesses need to improve both physical and digital data security as employees move between offices and at-home workspaces. Effective solutions can help you avoid breaches and limit monetary damage exposure.
Discover how Shred-it® can assist small businesses to help them protect their data, brand, and bottom line.