The fact is small businesses are the NUMBER ONE target for data thieves. They know that most small businesses do not have full time dedicated departments to protect sensitive data. They also know that many small businesses use shortcut’s or free options that are easily hacked. They also know that most small businesses don’t even know what information is considered “sensitive or protect data.” I have spoken with many small business owners that say “I don’t keep credit card information so I have nothing to worry about.” Again, this way of thinking is putting them and their customers at risk. Don’t make the mistake of thinking you are too small for a breach.
EVERY business has sensitive data. EVERY business is required by law (federal, state or international) to protect that data. NO business is immune to a data security breach. If the big guys can’t prevent it how can you?
Excuses I often hear are “I don’t have the time or staff to do it”, “it is not in my budget” or “I trust my employees.” Sorry folks, these will not work. Good luck explaining this to your customers after a breach. I am SURE they will understand. In addition, if you can’t afford to protect the data how are you going to be able to afford a breach. The average cost to mitigate a breach is $200 per compromised record. If you have 1,000 clients in your database that is $200,000. This does not include fines, penalties and possible class action lawsuits. It is much more cost effective to be PROACTIVE than it is to be REACTIVE.
One great resource for small businesses is a privacy consultant or outsourced privacy officer. This person and/or organization will conduct a privacy risk assessment, develop privacy policies and procedures, conduct mandatory employee training (employees are the weakest link in data security) and be your point person in the event of a breach. While no one can prevent a data breach a privacy consultant can help to greatly reduce the risk and has the knowledge and resources to swiftly implement a data breach mitigation plan saving you time and money.
Privacy consultants work in conjunction with IT (aka “your computer guy”), HR and your attorney to provide you with an overall privacy plan. If not you end up with a segregated plan full of holes and often contradictory policies and procedures. A privacy consultant has the training and knowledge to assess all of the working parts of your organization to provide you with a cohesive plan.
Don’t wait until after a breach to take action. Do it today. Contact Kerskie Group today to schedule your free consultation 239-435-9111.