In for the Long Haul: The Long-Term Effects of a Data Breach for SMBs

It’s a common belief that cybercriminals target large businesses for data breaches; however, the truth is that in 2021, small and medium businesses (SMBs) were the biggest and most easily accessible targets for data breaches. Sontiq’s Mid-Year 2021 report concluded that 69% of all data breaches so far this year have hit small businesses.

WHAT IS A DATA BREACH? 

A data breach is when data held by an organization is lost or stolen by an attacker. Often, the data that’s hacked contains sensitive and private information such as Social Security numbers, dates of birth, home addresses, driver’s licenses and even health and medical information. Cybercriminals look for weaknesses in a business’ cybersecurity system and prey on those weaknesses to exploit sensitive information. The blame for data breaches is on the businesses that failed to secure employee and consumer information, and it’s the businesses that are responsible for cleaning up the wreckage.

Examples of common data breaches include: 

  • Malware: Malware can come in many forms, such as viruses, worms, trojans and ransomware. It can be installed when someone accesses a company device, when an employee opens an email attachment that contains malware or visits an infected site, or simply because devices are not kept up to date.

  • Phishing: Usually carried out via email, phishing involves hackers creating realistic emails that prey on the victim’s emotions in an attempt to trigger a rash response such as clicking on an infected link or attachment.

THE CHALLENGE FOR SMALL AND MEDIUM BUSINESSES 

Small and medium businesses face a unique challenge when it comes to data breaches. Because of their size, dedicating the necessary resources to data security can be seen as an obstacle that sometimes gets ignored in favor of more pressing financial needs. Small businesses can also lack the resources or knowledge needed to develop and implement a cybersecurity policy and response strategy. As a result, SMBs remain open to cyberthreats such as data breaches that could have been avoided by educating employees on cyber risk and how to recognize a potential breach.

In a 2017 study conducted by Small Business Trends, only 14% of small businesses would rate their ability to protect themselves from cyber risks as highly effective. Of the companies studied, 50% reported they’d had data breaches in the past year containing sensitive employee and customer information.  

  Short-Term Effects of a Data Breach

Once you realize your organization has suffered a data breach, it’s time to start repairing the damage. Initial data breach clean-up usually consists of: 

  • Direct fines and fees 

  • Costly forensic investigations 

  • Future security costs such as credit monitoring for customers affected by the breach

  • Cost of replacing cards, identity theft repair, and other compliance requirements depending on the severity of the breach  

 Long-Term Effects of a Data Breach

While the initial cost and brand damage of a data breach can be staggering, those consequences have a ripple effect that can harm your organization for years to come. Some of the lasting scarring of a data breach includes: 

  • Compliance fines, legal fees, insurance premiums 

  • Drop in sales 

  • Loss of consumer trust 

  • Long-lasting brand damage 

The biggest long-term consequence of a data breach is the loss of customer trust.  

A 2017 study conducted by PwC concluded that 92% of consumers reported that businesses need to be more proactive about cybersecurity and cyber risk.

It only takes one data breach to tarnish a business’ reputation and lose customer trust, but it can take years for a company to repair brand and reputation damage. In fact, it was reported that 85% of consumers won’t do business with a company that has had a recent data breach, with 29% of those surveyed reporting that they would never do business again with a company that had a data breach.  

THE COST OF A DATA BREACH 

The average cost of a data breach for small and medium businesses is $149,000. However, most SMBs don’t recognize the cost a data breach would incur. In a 2019 study, SMB leaders estimated that a data breach would only cost $10,000, with less than 20% of participants acknowledging that costs could reach over $100,000. In 2020, the average cost per record for breached data was $150. Even if only 100 records were breached, the cost for those records alone is $15,000, which is $5,000 more than the total cost of a data breach estimated by SMB leaders. As a result of both the long and short-term effects of a data breach, Sontiq reports that 60% of small businesses are forced to close within 6 months of a data breach.

RECENT DATA BREACHES 

Maine Drilling and Blasting, Suwanee, GA – January 2021 

  • Information accessed includes SSN, driver’s license, date of birth, bank and card information and healthcare information. 

  • Following the attack, Maine Drilling and Blasting secured their network and engaged a third-party forensic computer investigator. 

  • It was ultimately determined that the computer network had been accessed by someone outside of the company. 

  • Data breach affected an estimated 454 individuals. 

Colorado Retina Associates, Denver, CO – January 2021 

  •  Information accessed includes names, SSN, financial accounts and medical treatment information. 

  • Once the breach was identified, the company began an investigation and sought help from a third-party computer forensics investigator and secured all employee email accounts. 

  • Unauthorized personnel hacked into two employee work email accounts and used those accounts to send phishing emails to other employees and individuals in their contacts. 

  • Data breach affected 26,609 individuals. 

Rehoboth McKinley Christian Healthcare, Gallup, NM – February 2021 

  • Information accessed includes names, addresses, date of birth, SSN, driver’s license and personal medical history and healthcare information. 

  • A third-party computer forensics firm was hired to help with the investigation. 

  • It was discovered that a sample of the stolen files was uploaded to a data leak site in order to pressure the healthcare provider to pay a ransom. It is not publicly known if a ransom was paid.

  • Data breach affected 207,195 individuals. 

WHAT TO DO AFTER A DATA BREACH 

  • Identify the breach, how it occurred, and what kind of an attack it was. This is also the time that you should be establishing a containment strategy to ensure that no other sensitive information is accessed by the hacker.  

  • Assemble an incident response team. Ideally, this team and their contact information would have already been circulated to employees so they can get in touch immediately should a breach occur.  

  • Communicate that a breach has occurred. If personal data is involved, businesses must communicate that a breach has occurred within 72 hours of detection. Need help creating a data breach notice? Beauceron Security provides FREE data breach notice templates so you don’t have to.

  • Secure all systems. Data breaches occur because of vulnerabilities in your systems, so it’s important to make note of those vulnerabilities and actively try to fix them.  

  • Evaluate the data breach and your team’s response to the breach. What could have been done to prevent the breach? How was your team’s response to the breach? This is also a good point to start working on educating and training staff to prevent a future breach.  

Knowing exactly what to do, when to do it, and how to do it can be intimidating following a data breach. Get ahead of cyberthreats by composing a disaster recovery plan using one of Beauceron Security’s FREE templates.

HOW TO AVOID A DATA BREACH 

The best way to avoid a data breach is to educate employees through cybersecurity awareness training. Businesses that have educated and informed employees can reduce the risk of a data breach. The Beauceron Platform provides employees with the training necessary to help spot a potential cybersecurity risk and care more about cybersecurity. Educated employees are able to make informed decisions that can turn a business’ worst nightmare into an easily avoided disaster.  

Training employees on good password hygiene (not reusing the same password or versions of it), using trusted and secured networks and using two-factor authentication all help reduce a business’ cyber risk. With customizable courses, the Beauceron Platform allows you the freedom to identify your organization’s weakness and assign courses based on your company’s needs.  

Educated employees are your business’ best defense against data breaches. Click here to start protecting your business today.

