Seven Steps to Protect Against Data Breach

Do not be misled into thinking that breaches of computer data concern only mega-corporations. The problem is rapidly escalating for small-business owners. In fact, your business may soon be exposed to dangers from hackers, if it has not happened already. According to a recent survey, 55% of small businesses have experienced a data breach, while 53% of those businesses had multiple breaches.

The loss or theft of private information can be expensive, may harm business relationships and might even trigger legal penalties. In the worst-case scenario, the business could go under.

Why put your company’s reputation at stake and risk a financial catastrophe? Take steps to prevent data breaches, and implement procedures for a fast response should one occur. Here are seven practical suggestions

1. Take an inventory of the private information on file, and retain only what is necessary. As part of this process, you should shred old files, destroy old hard drives, and wipe portable devices and remove memory cards before you discard them. Limit access to employee and client records on a “need-to-know basis.”
2. Protect the integrity of the system. Generally, this means installing and updating computer firewalls, as well as antivirus and antispyware programs. Even a basic software package can be helpful, while encryption programs are becoming more affordable.
3. Run background checks on employees. In many cases, a significant number of employees will have access to restricted information, so be thorough. Do not allow exceptions even for long-time employees who have been loyal to the company—this applies to everyone.
4. Review agreements with outside sources. For instance, if your company shares data with a third party, such as a payroll processing firm or some other vendor or supplier, it should stipulate in its contract that the third party is responsible for costs when information is breached while under its control.
5. Use professional security services. For greater security, be proactive in this area. Typically, a security consultant can help decide what level of protection you need and will remain “on call” at all times.
6. Consider acquiring extra insurance. Because data is so critical to small businesses today, you might add data-breach insurance to your basic property and casualty insurance coverage. Not only does the coverage pay for responses but it generally provides other services such as identity fraud case management for clients. Contact the insurance carrier to start the ball rolling.
7. Finally, do not panic if there is a data breach. Take a deep breath, and then act swiftly and decisively. Analyze what level of information has been exposed, adhere to state reporting laws and determine the best course of action for responding. Make this a top priority for your business until the task has been completed. Your business advisers may provide valuable guidance.

Virtually no business, small or large, is immune from technological danger. However, by planning ahead—and adopting some, if not all, of these seven basic security measures—you should be able to reduce your exposure and limit the potential for devastating losses.