Running a small business is no mean feat. From raising initial financing to get the business off the ground, to fulfilling the orders of a dispersed customer base, each stage of operating a company needs to be meticulously planned. However, not everything can be foreseen, meaning for a business to survive it needs to be an amorphic beast.
No matter what the business specializes in and how long it has existed, it must deal with the reality of managing and protecting customer information. However, remaining data compliant should always be top of mind and the good news is that businesses agree. Recent research we undertook found that small businesses are aware of the importance of data protection – 62% say it is a concern and more than a quarter (27% ) identify it as the most important issue in their business.
Yet, there is no doubt that collecting and storing customer data is a difficult task. Remaining data compliant is now a challenge for all organizations, large or small, but can be especially difficult for businesses with few employees and smaller offices. The key components here are cost and lack of management expertise. If a small business is breached and loses customer data, it is likely to be punished by regulators. The fines today laid down by regulators post-breach can be crippling and is a heavy price to pay that few small businesses can afford. Because of this, almost a third (29% ) of respondents believe they would benefit from outsourcing their cybersecurity needs to stay compliant.
Breaches seem inevitable
It is no secret that data breaches are becoming more and more frequent. Yet, a specific concern for smaller businesses is that the number of breaches they are experiencing is growing faster than their larger counterparts. In fact, the amount of small businesses that have experienced a data breach this year has grown by six percentage points (from 30% to 36%). Meanwhile, the number of small-to-medium sized businesses reporting they have been breached this year has only increased from 46% to 48% year-on-year.
Understanding the risks
As the rise in data breaches shows no sign of abating, it is important that small businesses understand why they could be vulnerable to an attack.
Of businesses that experienced a data breach, more than a quarter (28%) admitted they didn’t have appropriate IT solutions in place. The same amount conceded that the business lacks internal IT knowledge and experience. Another interesting finding from the research is that more than a fifth (22%) of small businesses do not have a policy to regulate, or restrict, access to internal infrastructures by a third party.
Our survey also suggests that small businesses may feel lumbered by the added expense of corporate-grade IT. For example, a quarter (25%) admitting to only using home versions of security software to protect their business. However, it is important that they remember that security products dedicated to business use deliver a far more comprehensive level of data protection.
Planning data protection
The best way to avoid a breach, and being liable to the crippling fines, is to plan accordingly to ensure the right security solutions are adopted across the business – no matter how big or small you are. Half of small businesses (51%) admit they still need to improve their response plans for data breaches and IT security incidents.
To keep customer data secure, Kaspersky recommends the following advice:
- Teach employees about the basics of cybersecurity. For example, not opening or storing files from unknown emails or websites as they could be harmful to the whole company, or to not use any personal details in their passwords. In order to ensure passwords are strong, staff shouldn’t use their name, birthday, street address and other personal information.
- Regularly remind staff of how to deal with sensitive data, for example, to only store it in trusted cloud services that need to be authenticated for access and that it should not be shared with untrusted third parties.
- Enforce use of legitimate software, downloaded from official sources.
- Make backups of essential data and regularly update IT equipment and applications to avoid unpatched vulnerabilities that could cause a breach.