In today’s digitally-driven world, there is perhaps no bigger threat to businesses than a security breach. As data inches closer to becoming the world’s most valuable commodity, businesses are collecting masses of personal information; using it to understand their customers and provide better experiences. It has also led to a surge in high profile breaches.
Small businesses shouldn’t assume these issues are exclusive to large corporations. As small businesses shift their operations to the cloud, the potential for data breaches increases regardless of a company’s size, and currently the United States does not offer any governance to guide best practices. Some states have enacted privacy laws of their own as a form of data security that’s entirely transparent for users, but until there exists something on a national level, don’t expect there to be much consistency across companies.
The small business landscape demonstrates that not everyone is as concerned about privacy as they should be. For example, according to recent Zoho research out of Australia:
- Just one in three (35%) small businesses currently have a “defined, documented and enforced privacy policy regarding the personal data collected, used and disclosed through their business.”
- One quarter (27%) don’t have a privacy policy or don’t know if they do, and 38% have an “informal or unenforced” policy.
When data is collected transparently and stored safely, it holds great value for small businesses and their customers. Still, as risks increase and policymakers lag, awareness, education and action are essential.
Here’s more on what small businesses need to know, and do, today.
Awareness
For small businesses, it is too easy to ignore security of private data. Many business owners believe they are too small and do not hold enough data to be targeted—or that their data wouldn’t be usable due to how niche it might appear. Unfortunately, this is no longer the case. Modern attacks are entirely random, targeting businesses of any size through vulnerabilities in their system. An attack can disable systems, steal or compromise data, and even use a breached computer to target others, meaning that just because a particular company might have unusable data doesn’t mean their partners are safe.
Concerned companies can start by taking a look at the system under which they’re currently operating, and explore where vulnerabilities might occur. A great place to start is by identifying the places where disparate systems, built by different vendors, exchange data with one another. This might be where a CRM integrates with sales processes, or when a virtual meeting platform pulls files from an online host.
Due to the inconsistencies in privacy governance mentioned above, which may have required certain security measures to be in place, hand-off points between vendors are rife with potential for security breaches. Vendors often run their own security processes within their closed system, and without visibility into an attack that might be happening elsewhere, these pieces of software are unable to prepare, or the employees monitoring them are unable to adapt. When new means of attack are developed, there’s no guarantee that all of the companies within an integrated system will push software updates at the same time.
Education
Small business systems need to wall themselves off from every angle, and that’s where the concept of unification comes in. A unified technology stack is a solution that includes an entire suite of applications that connect together in one platform. This enables seamless integration and data exchange between every tool, and therefore all the processes and departments that rely on them. Rather than your business requiring different vendors and paying for different applications for sales and marketing, finance, human resources, business analytics, collaboration etc., an integrated approach enables you to use one vendor for every technology need. The goal is to reduce the number of vendors to a few whose data privacy and security standards match the values of your business.
Unification also simplifies and expedites the education process. Small businesses should take a look at their vendors’ privacy and data policies and note where they overlap with the ones already in place—and, more importantly, where there exists little overlap.
When companies work with one vendor, this is a less arduous task and results in fewer action items. For example, under multiple vendors, if one has issues with remote logins and another is operating using outdated incident reporting software, companies are required to learn about two areas of potential vulnerability, not just one; an individual vendor’s technology is unlikely to cover for the gaps in another. The more vendors a small business uses, the greater the cost, the longer the time required to implement and master the technology, and the greater risk of silos forming around individual tools, departments or processes.
Action
Even with many small businesses currently operating under-the-radar, without urgency to protect from data breaches at this very moment, all small businesses as a matter of best practice have a duty to protect their businesses and the data of those using it, whether it’s through security measures or transparent collection processes. Those that fail to do so could be more susceptible to breaches and loss of consumer trust.
No matter how small businesses are using data, or how often, they need to put together privacy policies of their own and share them with consumers ASAP. Transparency on privacy has become the norm; consumers are used to being given information on a company’s use of data when visiting their website. When determining what to put in this policy, and how detailed to be, small businesses should look to bigger players and aim to be as comprehensive. Consumers are savvier these days and will appreciate the nitty-gritty, and that initial trust will grow over time.
Small businesses without a unified tech stack might want to change this as soon as possible. It might require a bit of a financial and technological lift to do so, but much can be saved by not having to mitigate future data breaches that could undermine consumer trust. After that, if an analysis of a small businesses system still reveals areas of concern, small businesses can take a look at what else their vendor offers. Another piece of a vendor’s technology, or a tweak to an existing one, is likely going to be an easy and inexpensive thing to implement if done early.
Perhaps most importantly, small businesses need to start paying attention to how national privacy legislation is beginning to develop. Once it’s implemented, companies that make the required changes quickly are going to be in the best possible position to enhance consumer trust. Privacy policies from California, the EU and Australia are great places to start in developing a sense of what might be coming.
Conclusion
Small businesses are more sophisticated than ever, but awareness, education, and action is too low. Any reforms to protect consumers are vital, and should be celebrated, but small businesses must be given time and guidance to comply. If they are given that support, they—and their customers—can reap the benefits of a data-driven online world.