Why Your Business Needs a Security Breach Plan
Virtually every business collects and stores personal information on both employees and customers. This data runs the gamut from phone numbers and email addresses, to user IDs, passwords, credit card and bank account numbers, Social Security numbers, and medical records. If this information is stolen or exposed, the resulting fallout can ruin your reputation, and destroy customer trust.
Think it can’t happen to you? Data breach incidents are on the rise. A 2016 survey of small businesses by CSID found 58 percent of small businesses were worried about cyber attacks and that 31 percent were not taking any proactive measures to mitigate an attack. A survey of small businesses in the U.S. by the Ponemon Institute found that almost one-third of respondents have had a data breach, almost all involving electronic records.
Surprisingly, these breaches were not all the result of shadowy cyber criminals in foreign lands hacking through computer firewalls with sophisticated viruses and malware. The primary causes were employee or contractor mistakes. We’re talking preventable events like lost or stolen laptops, smartphones, and thumb drives. Or negligence and simple mishandling of electronic records. These human errors may be even harder to track if you are outsourcing your data collection and storage. A majority of firms that rely on third parties to handle data do not have contracts that require the third party to cover costs associated with a data breach.