You guessed it, businesses are still suffering from data breaches, years after major incidents at Home Depot and Target raised awareness to stratospheric heights.
Admittedly, these are fairly high-profile targets, but entrepreneurs shouldn’t get lulled into a false sense of security by their relatively low profiles in the business world.
Verizon’s most recent Data Breach Investigations Report is a reminder of why businesses of all sizes should keep their guard up. Take, for example, small town inns and restaurants.
“The hospitality industry continues to be inhospitable, at least when it comes to POS [point-of-sale] breaches, which continue to be as ubiquitous and unsatisfying as the continental breakfast,” states page 14 the report. “While hotels likely come to mind first, restaurants also fall into this industry and comprise the majority of the victim population. Often food service victims are smaller businesses without IT departments, CISOs [chief information security officers] etc., but they do accept payment cards and are therefore a target for opportunistic attack.”
In fact, nearly all breaches (99 percent) affecting the hospitality industry are financially motivated. Payment information (96 percent) is the most commonly form of compromised data. Personal information is a very distant second (two percent) followed by credentials (one percent).
Compounding the problem is the financial damage caused by data breaches.
On average, small and midsized businesses (SMBs) spend $38,000 to recover from a breach, according to a 2015 study from Kaspersky Lab. They spend an additional $8,000 in indirect costs like staffing, training and additional systems.
Data breaches can also drive up marketing costs. In an effort to recover from the damage done to their brand’s reputation, SMBs wind up spending an average of nearly $8,700 on marketing and public relations.
The most common types of security incidents affecting SMBs include cyber espionage, security failings at third-party suppliers and hacks or network intrusions, Kaspersky found.
Dead Tree Data Breaches
Needless to say, protecting databases, cloud accounts, work laptops and other sources of digital information makes a ton of sense. But don’t neglect those stacks of printed invoices, contracts and other documents that teeter precariously on many a worker’s desk. They also contain valuable information that can be easily stolen.
Shred-it’s Information Security Tracker Survey for 2017 reveals that 39 percent of small business owners don’t have a policy for storing and disposing of paper documents considered confidential. Less than half (49 percent) shred all their documents, confidential or not, making dumpster divers happy. Only 13 percent store confidential documents in a locked console or shred them using a professional service.
Nearly a third (32 percent) of small businesses owners don’t feel the loss or theft of documents would cause damage. Practically the same number (31 percent) don’t feel a breach would have a significant impact on their business.
“Whether it be on lingering paper documents or electronic devices, properly disposing of or securing sensitive information is the best way for a business to protect their customers, their reputation and their people,” said Kevin Pollack, senior vice president of Shred-it, in a statement. “Companies of all sizes need to start taking proactive measures to ensure their employees are trained on destruction procedures, that sensitive information is stored securely, and that they’re mitigating information security threats by disposing of paper and electronic devices in a timely fashion.”