Only You Can Prevent a Data Breach

We hear horror stories about how corporations’ computer systems or financial data are hacked into, leaving quite a mess to clean up. Unfortunately, as a small business owner, you’re not immune to data breaches, reports PropertyCasualty360. The sad fact is, many of the virtual attacks can be prevented, but only 27 percent of small businesses actually test their data security, Newtek Business Services data shows.

Waiting until after an attack is a poor time to decide you need a firewall!


Verizon issues an annual data breach investigation report. In this year’s report, we were amazed to find out that 96 percent of breaches were avoidable through simple or intermediate controls. These aren’t highly complex technical attacks, and they’re certainly ones that can be prevented.

Where It’s Happening

Chris Porter, principal on Verizon’s risk team, shared a few real-life scenarios with us (without disclosing company names) as examples of small businesses that are suffering from data breaches.

One small restaurant in New York City was attacked by an external hacker affiliated with organized crime, resulting in its customers’ credit card data being compromised. By installing customized malware, the attacker could capture keystrokes or card swipes on the point-of-sale terminals, getting access to debit and credit cards. The software also collected the stolen credit card numbers. The restaurant found out about the breach when its bank notified it that it had been flagged for fraud.

How This Could Have Been Prevented: Porter says that preventing this type of data breach is fairly simple:

“Companies should ensure there is a firewall in place that protects remote services to only the IT management firm’s network. Change all default and attributable passwords to something more complex and not easily guessable.

If an employee leaves the company, change passwords they had access to. And if you outsource point-of-sale management, make sure the firm you work with has controls in place to prevent breaching.

Even small banks aren’t immune to attacks. A credit union in California was attacked via email, leading to an intrusion. Porter says they’ve seen Excel or PDF attachments on emails that appear to be from UPS. These emails ask the recipient to verify package delivery, but instead install malware on the computer where the email is opened. Malware can steal credentials to bank accounts and get access to sensitive information. The unauthorized banking transactions caused by the hack were discovered the next day by an employee.

How This Could Have Been Prevented: Email is tricky, especially if you’re used to getting emails from people you don’t know. Instruct your staff not to open attachments or click links if they’re unsure of the origin.

Porter also says:

“It is advisable to have the workstation used for banking or wire transfers on a segregated network. If this is not possible, make sure that the system isn’t used for regular Web browsing or social networking.”

Are You Protected Against a Data Breach?

The advice for businesses is pretty clear-cut. You should back up your data often. Use anti-virus protection on your PC. Install a firewall. Change passwords regularly. But often this sort of thing slips through the cracks for overcommitted small business owners. And the fact that most of us don’t have an IT department means that, often, anything security-related is not a high priority.

But waiting until after the fact to beef up your virtual security may be too late; data breaches can bring stress, headaches and unwanted publicity to your company. Do you really want to be known as the company that doesn’t value its customers’ information enough to protect it?

Work to train your staff to be diligent when opening email, and to review transactions and files for potential tampering or fraud. Encrypt any sensitive data to make it harder to hack. Make sure you’re on top of changing passwords when employees (especially those who hold a grudge) leave your team.

Just an ounce of prevention now can save you a pound of hurt later.


Susan Payton is the Communications Manager for the Small Business Trends Awards programs. She is the President of Egg Marketing & Communications, an Internet marketing firm specializing in content marketing, social media management and press releases. She is also the Founder of How to Create a Press Release, a free resource for business owners who want to generate their own PR.

3 Reactions
  1. Interesting that the vast majority of these data leaks were preventable. At a conference several members of my company attended recently, one of the speakers gave a talk on current security measures. The general consensus seemed to be: It is not a matter of totally preventing security breaches; that is impossible. Rather, it is a matter of determining how many and what kind of breaches are acceptable, and taking measures to prevent those that are not.

  2. @Curt Finch–
    Good points. You can’t expect the impossible, but preparing is key!

  3. Susan, you bring up some good examples here. I hope readers take note that for every small business breach you list here, there are many more just like them. The prevalence of attacks on SMBs is staggering—more than 40 percent of SMBs experienced data loss due to a breach in 2010, according to Symantec’s SMB Information Protection Survey. Fortunately, there are simple steps SMBs can take to secure their businesses. Here are some tips from one of my colleagues at Symantec on how SMBs can defend against a security breach:

    Chris Halcon
