In a survey conducted by Ponemon Institute it was revealed that more than half of small US businesses have experienced a data breach and only one third of them sent customer’s notifications about the event. This is pretty unbelievable and illegal. Your proprietary information has been breached and the company doesn’t have the courtesy to notify you!
Eric Cernak, vice president of Hartford Steam Boiler Inspection and Insurance Company (HSB) said in a statement, “Smaller companies are targeted by data thieves, but they often don’t know how to respond when sensitive information they keep on customers and employees is lost or stolen. Failing to act in a timely and effective way can harm the reputation of businesses and even risk legal penalties in many states.”
Cernak told PC360 that the top reasons why small business aren’t reporting breaches “are because many do not know that state laws are regulating their disclosure exists, some companies erroneously think that the laws only apply to past a threshold of amount of data stolen, and they may believe that if they don’t report the incident, no one will find out.”
HSB had the Ponemon Institute (an independent organization that researches information security) conduct studies on data breaches for companies with revenue under $10 million. The study found that only 33 percent of companies who experienced a data breach complied with laws requiring them to notify their customers. A total of 55 percent experienced one breach and 53 percent experienced multiple breaches.
There are a lot of small businesses that lack the IT department or similar resources to help protect their data. According to the survey, employee or contractor error was the primary cause of data breaches. The majority of these types of instances were due to lost or stolen smartphones, laptops or other devices that contained data. Many of these businesses also share employee and customer transactions with third party companies for payroll, billing, and other outsourced services.
Symantec also released another study recently that found that 50 percent of employees kept confidential data when they left their place of employment. Of these, 40 percent admitted they plan to use that information at their new employment.
There are some affordable and effective ways for smaller companies to prevent data breaches. Pre-employment screening is now more affordable and more accessible even for smaller companies. You may be able to prevent a data breach by making the right hiring decision. Input more controls on how employees access data. More and more companies are implementing policies with respect to how employees use portable devices that can be lost or stolen.
If you do suffer a data breach, report it to the authorities and inform your customers and employees when their data may have been affected. One of the leading methods of preventing data breaches, is using a secure content management and document delivery service. You can prove your company is concerned with data protection and becoming a statistic in a data breach study by moving your documents to a cloud-based server.