A data breach can be crippling for a small business. According to statistics provided by Small Business trends
, a whopping 60% of small companies shut their doors within six months of a cyber attack, and yet only 14% of small business owners are highly confident in their ability to protect against cyber risks and vulnerabilities.
With nearly half of all cyber attacks now targeting small businesses, it's important for owners to know what to do after a data breach, as well as what they can do to avoid becoming another sad statistic.
Data Breach Warning Signs
Wondering if you've been attacked? Here are some common signs a breach is underway:
What to Do if You Suspect a Data Breach
- If your internet is unusually slow or your devices are behaving strangely, it may be a sign that you've got malware onboard.
- If you aren't able to sign in to your normal user accounts using valid credentials, this may be a sign of tampering.
- An abnormal amount of outbound traffic may indicate a data transfer is in progress.
Avoid that first impulse to panic, and take these steps you can take to minimize the damage:
Notifying Your Customers
- Initiate your breach response plan. Having a data breach policy spelled out ahead of time can make a huge difference in your ability to react and recover.
- Do not turn off your main server, as a small business data security expert or other forensics consultant will need to analyze it. Switch to your backup server, if you have one, so that business operations can continue.
- Implement your data breach notification program to comply with any state laws.
- Contact your cyber liability insurance agent.
Most states have enacted some form of mandatory data breach notification laws that specify when, what and how you must communicate with customers affected by an attack. Be sure you understand the applicable laws in your state.
At a minimum, you will need to email your customers, but most small business experts recommend a personal phone call to your largest or most important ones. The potential hit to your company's reputation is one of the most significant intangible damages resulting from a small business data breach; communicating personally with your customers could go a long way toward protecting your good name and rebuilding customer confidence.
You may even want to set up a call center for a period of time after the incident to answer any questions your customers may have. Remember, it's important to clearly communicate the steps you are taking to protect your customers.
Putting Cyber Liability Coverage to Work
Although cyber liability coverage was once reserved almost exclusively for large corporations, no one is immune from a cyber attack anymore. Today's small business owners are increasingly adding these policies to their standard business insurance package. Here's how a good cyber policy should be able to protect you in the wake of a breach:
Preventing Another Attack
- Financial coverage for complying with mandatory data breach notification laws. Cyber liability coverage offerings from AmVenture Insurance Agency, Inc. can also include optional coverage to provide for monitoring of customer information for a specified period after a breach has occurred.
- Coverage for any legal fees arising from the breach.
- Indemnification for costs associated with data recovery and repair of any computer equipment affected by the attack.
- Liability coverage for website content including privacy violations, plagiarism, intellectual property infringement, and alleged libel, slander or defamation.
After you've addressed any vulnerabilities exposed by your security experts, make sure you're taking steps to minimize your risk of a future attack. Implement smart encryption and security policies and enforce them. Add a firewall to prevent attackers from accessing your data. Perform regular vulnerability assessments, and educate your employees on their role in protecting sensitive data. Always remember to back up your sensitive data to a remote location.
A data breach can lead to huge costs or a small business, both direct and indirect. These are costs you may be unable to manage on your own and still keep your doors open. Take the opportunity to explore your cyber liability insurance options now, and be better prepared to tackle this emerging threat to small businesses.
The opinions expressed here by AmVenture.com columnists are their own, not those of AmVenture.com.