I am the only person at my business who uses a computer. I do not store all that much information on my customers. I do not have enough customers for a criminal to even bother hacking my company. These are thoughts that most small business owners have had at some point or another. Unfortunately, these assumptions are dead wrong. Data breaches are no longer a problem only for big businesses. Most big businesses have caught on to the fact that they need to take data breaches seriously or they will eventually be the next business explaining why their customers' sensitive information was compromised. Because of this, criminals are now looking to small businesses as a way to gain access to the much larger databases of the businesses they are partnered with.
Two of the largest data breaches in history, Target and Home Depot, started just this way. In both of these cases the criminals first hacked into a small business that had a vendor partnership with the larger business, and from there gained access to the much larger business's network. For Target the partner was an HVAC contractor, and for Home Depot it was the company that processed credit and debit card transactions for their self-checkout lanes. In both instances, the small business had been hacked for months without knowing it.
Because of the ever-growing role of technology in our lives and in our businesses, data breaches are only going to become more of a risk to small businesses in the future. Fortunately, insurance companies are picking up on this risk and developing insurance policies to protect businesses when a breach occurs within their organization. Here are the two main types of insurance policies small businesses should purchase in relation to a data breach.
Protect your Business from a Data Breach
Data Breach Insurance
A Data Breach Insurance Policy deals with the first-party damages to your business. These costs may include, but are not limited to: notifying all customers who are impacted by the breach, hiring a forensic team to identify where access was gained to your internal computer systems, and providing credit monitoring services to those impacted for up to one year. In most states, these three costs are required by law for most businesses after a data breach occurs. Some data breach policies also include coverage to hire a public relations firm to repair the tarnished image of your business and to set up a post-breach call center for victims.
Cyber Liability Insurance
Cyber Liability Insurance covers the third-party liability your business faces to people and businesses who may have been damaged by a data breach within your business. Third parties can include any customers, vendors, employees, and anyone else who was harmed because of the data breach. The costs covered by this policy can include the costs to comply with regulation, fines and penalties imposed by government agencies, and losses resulting from the actual identity theft. The laws regarding identity theft are still in their infancy. At this time, dealing with a breach legally has been left up to the states. This can cause the amount needed to repair your business to fluctuate from state to state. According to the Ponemon Institute, a leading independent think tank, the cost of a data breach is $145 per record stolen as of 2015. That cost is more than likely higher today. No matter what the cost to repair your business, it is considerably more than the amount to purchase a cyber liability insurance policy.
Prevent a Data Breach
Defending your business from a hacker does not stop with simply purchasing an insurance program. There are several things you can do to prevent a data breach from occurring in the first place. Here are three things that all small businesses should add to their training programs to prevent a data breach from happening within their business.
Show employees how to protect their passwords
One of the main ways data breaches occur is through weak passwords. It is never acceptable to assume your employees know how to create a strong password or that they take this task seriously. During your training practices you need to show employees concrete examples of what is and is not a good password. Here are some examples of good and bad passwords:
Bad: BenSmith or password
Implement a Clean Desk Policy
Everyone assumes a data breach occurs because some internet genius is using an encrypted computer to hack into a computer from a far-off country, but it is equally likely for your business to be hacked because someone leaves something out where the wrong person has access to it. This can be something as simple as a laptop computer being stolen at an airport while an employee travels to a conference. It can happen when a commercial cleaning company sees the passwords left on the desk of a vice president at a small bank in Iowa. It has even happened to a baseball team whose coach wrote his password on the chalkboard in his office and then did an interview for ESPN with the chalkboard in the background. If all of these businesses had implemented a policy that encouraged employees to protect their workstations, they could have prevented a data breach from occurring.
Getting rid of all paper documents that have sensitive information is the simplest thing a small business can do to prevent the information of its customers from falling into the wrong hands. This applies whether your business is a fashion boutique storing shipping information for a customer who ordered a dress or a restaurant where a customer leaves their copy of a receipt on the table after dinner.