Data Breaches Happen to Both Small and Large Businesses

By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow

It is no secret that despite increased awareness of data breaches around the globe, businesses continue to fall victim to cybercriminals exploiting their weak security measures. An article on Small Business Computing explores data breaches and how the size of the business doesn’t matter to criminals seeking confidential information.

Large corporations are often thought to be the ones at risk, with companies such as Home Depot, Target and most recently Chipotle Mexican Grill suffering major data breaches, however hackers have not forgotten about small businesses.

Looking at Verizon’s most recent Data Breach Investigations Report we can see why businesses of all sizes need to keep their security measures a top priority.

According to the report, the hospitality industry remains a significant target for hackers, specifically through POS (point-of-sale) data breaches. The hospitality industry doesn’t just include hotels, but also accounts for restaurants, who make up a large majority of data breached victims.

Why do cybercriminals target smaller businesses in the food service industry? For starters, these businesses accept card payments, giving cybercriminals data to go after. Another key factor is that these businesses typically do not have IT departments or other individuals appointed to ensure their data is secure, making them viable targets for cybercriminals.

In fact, nearly all breaches (99 percent) affecting the hospitality industry are financially motivated. Payment information (96 percent) is the most common form of compromised data. Personal information is a very distant second (two percent) followed by credentials (one percent).”

How much does a data breach cost?

According to a 2015 study released by Kaspersky Lab, small and midsized businesses (SMBs) spend the following to recover from a data breach:

Approximately $38,000 on recovering from the breach itself

Approximately $8,000 on additional costs, such as training and staffing

Approximately $8,700 on marketing and public relations to repair the businesses reputation

What are the most common types of security incidents affecting SMBs?

The Kaspersky Lab study found the following are the most common security incidents:

Cyber espionage

Security failings at third party suppliers

Hacks or network intrusions

It is important to remember that not all data breaches are a result of compromised digital information. Protecting physical paperwork such as invoices, contracts and other documents in the office is vital to your organizations security.

Shred-it’s Information Security Tracker Survey for 2017 reveals that 39 percent of small business owners don’t have a policy for storing and disposing of paper documents considered confidential. Less than half (49 percent) shred all their documents, confidential or not, making dumpster divers happy. Only 13 percent store confidential documents in a locked console or shred them using a professional service.”

Additional alarming statistics from the Shred-it survey:

32 percent of small business owners don’t feel the loss or theft of documents would cause damage”

31 percent don’t feel a breach would have a significant impact of their business”

It is critical for organizations to have proper disposal procedures in place and to ensure employees understand those procedures. Whether it is paper or electronic records, disposing of sensitive information safely will go a long way in protecting your business.

This article was originally published on HIPAA Secure Now! and is republished here with permission. HIPAA Secure Now offers annual online subscriptions to help covered entities and business associates keep up with compliance. Learn more here.