It seems that data breaches are rarely out of the news these days. Last year’s high-profile Sony hack resulted in film budgets, stars’ and executives’ salaries, and some embarrassing email exchanges being made public. More recently, the media has been having a field day with the Ashley Madison hack. The website, whose slogan is “Life is short. Have an affair”, was compromised and the email addresses of millions of its users leaked, leading to reports of ruined relationships and broken marriages.
Of course, data breaches of this magnitude are always going to make for good old-fashioned, scandalous copy, but the really scary part is that if hackers can penetrate a giant corporation such as Sony, or a smaller but still supposedly highly secure company such as Ashley Madison, where does that leave the average small or medium-sized business? Don’t think that just because you only have 50 employees and you don’t store incendiary data such as the email addresses of philandering spouses you’ll be able to fly under a hacker’s radar, because you won’t.
Why small and medium-sized businesses need to worry about security too
Your organization might be small, but you are still potentially sitting on a pot of gold in the eyes of a cyber criminal. Do you take credit card payments from your customers? Do you have a database of client names, addresses, and bank details? Are you a healthcare provider who stores a mass of highly personal patient information? Just because your customers or patients aren’t Hollywood royalty or possible targets for blackmail, a cyber criminal faced with your data will still have dollar signs flashing in his eyes. After all, there are big bucks to be made from plundering your customers’ bank accounts or stealing their identities.
The aftermath of your organization’s data being breached
As a savvy business owner, the first question that may spring to mind upon discovering your data has been breached is “how much is this going to cost me?” And the bad news is that the expenses incurred by a data breach can be significant. You may be affected in ways, and by regulations, that you have never considered. Just take a look at the following money-sapping factors:
- Compulsory forensic examination – if you accept card payments and it is suspected that your data has been breached, the Payment Card Industry Data Security Standard (PCI DSS) requires that you be investigated. This examination determines whether or not a breach has occurred and, if one has, how serious it is. Not only will your point-of-sale (POS) system probably need to be shut down, but you are also responsible for hiring the examiner yourself.
- Non-compliance penalties – if you have been breached and you are not found to be compliant with the PCI’s standards, you will be held liable. You may incur fines from both the card associations and your bank.
- Letting your customers know – it’s not a pleasant task by any means but, if information about your clients or patients has been breached, you will need to let them know. Notification letters will need to be sent and you may well find your resources – both human and financial – severely stretched as you enter into ongoing correspondence with these quite rightly concerned individuals.
- Customer/patient lawsuits – if any of the cards owned by your customers have been used to make fraudulent purchases, and a customer decides to sue you, you could be held liable if a court of law decides that you were negligent. In addition to this, you may be held responsible for paying the bank fees for the reissuing of compromised cards.
- Technology upgrade – if your point-of-sale system is found to be the source of the breach, you will want – and may even be required – to upgrade or replace it. Consider the costs involved in overhauling your software, hardware, and even servers.
- PCI DSS compliance reassessment – finally, so that you can start accepting payment by card once more, you will need to be reassessed by an independent Qualified Security Assessor.
While that is quite some list – and one which could leave you seriously out of pocket – unfortunately that is not all you have to be worried about, for the non-financial aspects of a data breach can be equally, if not even more, devastating.
- Damage to your reputation – your customers and patients trust you to handle both their card details and their personal information in a secure fashion. Suffering a data breach – whether the root cause was internal or external – can result in your customers’ faith in you diminishing drastically. They gave you their data. You lost it. It’s as simple as that in their eyes, and many of them will think twice about using your services or buying your products again. Also, don’t think that just because you’re a small business or practice you can sweep the news under the carpet and that – financial issues aside – it will soon be yesterday’s news, for no news travels faster than bad news. It only takes a couple of worried, or downright angry, comments on your company’s Facebook page for the news of your breach to spread like wildfire. And once the word is out, it will stay out, thanks to the internet.
- Damage to your productivity – as we mentioned earlier, dealing with a data breach and its aftermath is a time-consuming affair. You’ll suddenly be plunged into a nightmare scenario of appeasing customers or patients, dealing with examiners, paying fines, juggling finances, and praying that your business can weather the storm. Normal operations will have to take a back seat, for you and your managers at least, while you try and contain the damage.
The good news is that you can (and should) attain compliance with your industry’s regulations, and you can prevent a data breach by implementing advanced security solutions. You may not be as high profile as Sony, but you’re well known to your customers, so don’t become the next victim of a hack attack. Talk to the experts at IT Authorities today and stop playing Russian roulette with your livelihood.