Why Your Small Business Isn’t Immune to Data Breaches



The duties of an entrepreneur are seemingly nonstop. Even so, you surely have heard about the virtually endless stream of credit card fraud and other types of data breaches that are plaguing many well-known U.S. companies. Although these stories may seem far removed from you and your little enterprise, think again.

Why Your Business is Vulnerable

While large corporations have millions of customers and may offer a bigger pot of money and resources to plunder, thieves frequently target even the smallest businesses. Although this may seem counter-intuitive, criminals have their reasons for going after smaller sellers. Like mega-retailers, small companies often collect and store customers’ sensitive credit card data. However, security is often not as high a priority, leaving these micro companies more vulnerable to attack.

Small businesses are also more likely to become victims because many have still not adopted the more secure chip card readers that have been strongly encouraged by credit card companies and other financial institutions since October 2015. EMV cards, named for Europay, MasterCard and Visa and sometimes known as chip cards, have become the industry standard. When placed in an EMV-enabled reader, the card is read and the entire transaction is processed in a fully encrypted way without the card ever leaving the customer’s hand. No longer does the merchant have access to the customer’s card number, expiration date or 3-digit security code.

Although EMV cards definitely have their advantages in terms of security, many small businesses have not yet upgraded their credit card scanners and swipers to accept the new cards. As a result, these merchants remain particularly vulnerable to criminal activity. What’s more, because they have failed to make the mandated updates, these sellers may be required to pay for the costs associated with any breach or fraud that occurs. That could amount to a daunting sum of money for a struggling small business.

Ransomware: The Newest Type of Cyber Crime

Recent headlines have been brimming with disturbing stories about malicious emails that are sent primarily to those in financial positions at companies both small and large. If opened, these pernicious emails can hijack your entire data system, including all of your sensitive financial information. The creators of these types of malware then send a message indicating that you will never again have access to your vital data unless you pay a ransom. This latest trend in cybercrime is destructive and upsetting on numerous levels and looks to be on the rise.

Additional Costs Associated With Data Breaches

A small service business or retailer that is the victim of ransomware, fraud or other types of cybercrime may also face other damaging hits to its bottom line. For one thing, you might be sued by your customers if you failed to have adequate security procedures in place.

In addition, you will probably incur expenses as you seek to understand the nature and extent of the breach that occurred, including legal fees. You will probably also be required to notify your customers about the data breach, and in most cases your merchant account provider will increase the fees you pay or even impose fines.

Intangible Costs

As you can see, fraud and data breaches can separate you from your money fast, but that’s not all they do. Consider the less concrete but equally disturbing possibility that your reputation may be seriously damaged. Once word gets around that you have been the victim of a serious data breach, it’s quite likely that you will lose a significant chunk of your profits as customers take their business elsewhere to a seemingly more secure vendor.

What You Can Do to Protect Yourself

Fortunately, there are steps you can take to minimize the chances of becoming a victim of these types of devastating crimes.

  • Draft a privacy policy that details your company’s obligations when it comes to data and thus limit your liability. Stipulate that consumers and employees are responsible for the safe-keeping of their own information. Specify what data is collected, where it is stored and processed and what protocols are in place to protect it.
  • Educate your employees on how to safeguard their data and that of your customers. Establish protocols, provide regular trainings and specify what happens if someone fails to follow the rules. Also, provide clear guidelines for what employees should do if they believe a data breach has occurred or if equipment has been lost or stolen.
  • Make sure your protocols address whether employees can use public networks and include requirements to lock PCs and laptops and to use complex passwords.
  • Carefully examine your insurance coverage. You may not be aware that cyberattacks are not covered under most general liability insurance policies. Therefore, it is important that you speak with your agent about your business’ level of risk in order to purchase a rider that covers both first- and third-party expenses and liabilities.

The sad reality is that identity theft and cyberattacks are here to stay, and your business is vulnerable regardless of its size. That being said, you can keep your risk to a minimum by being proactive. Reduce your odds of becoming a cyberattack victim by educating your employees, keeping equipment up to date, following industry data protection standards and having safeguards in place, such as comprehensive insurance coverage that will provide a financial safety net should the unthinkable happen.