Protect Your Business from a Data Security Breach

Is your business in danger of a data security breach? Small businesses don’t have the resources of big companies but are just as exposed to a potential data breach. Learn how to protect your business with these tips.

One of the fastest-growing threats to your business may be lurking right under your nose. The worst part is that if you’re like most business owners, you’re not prepared to deal with it.
The threat? Data security.

The Verizon Data Breach Investigations report found that there were 3,950 data breaches in 2020.  Some of those were well-publicized and happened at big businesses. But, according to a 2018 report, the majority of data breaches  occur at small businesses. 

The losses from data breaches can be devastating – especially for small businesses. According to the 2018 Cost of a Data Breach Study: Global Overview from IBM Security and Ponemon Institute, the global average cost of a data breach is $3.86 million, and the average cost, globally, for each lost or stolen record containing sensitive and confidential information is $148 per record. 

How can a data leak affect your business?

  • Damage to reputation/brand–If your company is the victim of a cyberattack, it can cost you much more than money. Imagine all the trust and goodwill you spent years building between your company and your suppliers, customers, and employees vanishing in the blink of an eye.
  • Lost revenue–In addition to the out-of-pocket cost incurred as a result of a breach, revenue loss due to fewer customers, fewer sales, and declining customer loyalty is typical following a serious security incident. You may be responsible for reimbursement to customers. In fact, if even one employee loses a laptop, you’ll feel the pain. According to a Ponemon Institute study, the average value of a lost laptop is an astonishing $49,246.
  • Potential liability–In response to the rash of major data breaches lawmakers have scrambled to put stronger measures in place to protect consumers. If you fail to safeguard sensitive information you could put yourself at risk for expensive lawsuits. When NetDiligence looked at actual cyber liability insurance claims as part of their third annual Cyber Liability & Data Breach Insurance Claims study they found that the average cost for legal defense was $574,984 and typical claims ranged from $25,000 to $400,000.  


  • Lost productivity–Data breaches and other security incidents cause serious losses in productivity. Consider some of the fallout from a data breach. There’s downtime. You may also have to recreate lost data from scratch, engage in PR activities, contact individuals affected by the breach, go through litigation, and many other time-consuming activities that will distract you from your main focus. 
  • Resolution may require outside help–Another pitfall caused by data breaches is small businesses lacking in-house IT expertise will likely have to depend on an outside entity to help them sort out their problems.

You may wonder why more entrepreneurs aren’t doing something about data security if it poses such a big threat to businesses.

Why aren’t business owners doing more?

There are three key reasons that businesses–small businesses, in particular–aren’t prepared for the devastating effects of a data breach.

  • Lack of knowledge–If you don’t know there’s a looming disaster, you can’t prepare for one. Many business owners that are aware of the data breach epidemic don’t know what to do about it and thus, they do nothing. As a small business owner, you should get up to speed on the things you can do to minimize your risk for a data breach. Start by reading the information the US Federal Trade Commission (FTC) has provided information on cybersecurity.   
  • No plan to protect data–83% of U.S. small business owners surveyed by the National Cyber Security Alliance (NCSA) and Symantec have no formal cybersecurity plan. According to the same study, 59% don’t have “a contingency plan outlining procedures for responding and reporting data breach losses.”
  • Lack of resources–The average small business owner has nowhere near the resources that large companies have at their disposal to secure their sensitive information. Typically, small businesses lack security awareness, technical expertise, and budget. Nonetheless, there is help available for data security for small businesses.

So what can you do to keep a data security incident from crippling your business?

How to protect your business from a data breach

If you want to protect your business, you don’t need a massive war chest and a team of security experts. You will have to invest some time and effort to secure your business but you owe it to yourself to get started today.

Get educated– You’ve already taken the first step to protecting your business from a data breach by reading this article. Continue to seek out the latest factual information about data security incidents and how to best protect your business. You can start with this practical guide to IT security for small businesses. You can also use these tips to help prevent hackers from attacking your computers and making you a victim of cybercrime. 

Make your business PCI compliant. If your company processes, stores, or transmits credit card information, you need to be sure your operation is compliant with Payment Card Industry Data Security Standards (PCI DSS). Failure to be in compliance could lead to stiff fines and penalties if you are breached.

Get clear on what data you have and where it’s located–Most companies store data in a variety of locations. But leading security experts’ top concern is not knowing the location of sensitive or private data. 80% of data within most businesses is what’s known as unstructured data. Unstructured data such as emails and documents lack a pre-defined data model or isn’t organized in a predefined manner. Shockingly, only 7% of companies who participated in a recent Ponemon Institute LLC research report know the location of all their sensitive unstructured data. Spend some time identifying sources of risk.   

Put systems in place to minimize risk and protect your business–Establish data protection policies and communicate them clearly to employees, strategic partners, and customers. According to Trend Micro, “80% of organizations, regardless of size, believe managing and monitoring end-user privileges and entitlements is the most important security measure against data breaches.”

Safeguard sensitive data–Take steps to protect confidential information. Data loss prevention software can block sensitive information being sent through email. Confidential business information should be encrypted or safeguarded by DLP technologies. 

Use layered security–Security experts recommend using many different tools and techniques. A great first layer you can add is anti-virus and anti-malware. Consider adding a well-configured firewall. Restrict access to your data only to people you trust. Keep your software and patches up-to-date. You also want to physically secure your data and regularly backup all your data. Ideally, you want to put an automated backup and recovery strategy in place.

Keep an eye on your inner circle–You can still be a victim of a data breach despite your best efforts if companies you do business with aren’t protected. Banking institutions, cloud storage providers, suppliers, even your employees can expose you to data leaks. Establish clear policies governing data shared with third-party vendors, employees, and contractors. Employee negligence can also cause data leaks. Bring-Your-Own-Device (BYOD) necessitates protecting not only business technology but employees’ personal devices.

Have Incident Response Plan in place in case your company is breached–In the unfortunate event that your company is the target of a cyber attack you’ll be able to respond faster and much more effectively if you have a preexisting plan in place. Not having a plan can raise the already staggering cost of a data breach 10 to 15% higher. Don’t wait until disaster strikes to deal with your company’s data security. 

Now that you’re armed with the basics, spend a few minutes auditing your business to determine what data you have and where it’s located. Once you have a handle on that, you’ll be better prepared to come up with a plan to protect your business and the data it handles.

Get started image

Ready to get started?

Get the expert support you need

Start Now