Tips for Mitigating Loss During a Business Data Breach
One of the things that many small businesses take for granted is the security of their data and that of their customers, too. Often entrepreneurs and small-business leaders assume that their company isn’t a big enough target to be concerned about, but nothing could be further from the truth. Studies have shown that over 52% of small businesses experienced a cyberattack in the year 2020-2021. During that same period, data breaches among small businesses rose by 152%. Meanwhile, only half of small businesses reported developing and implementing a cybersecurity plan that could mitigate risks and protect their data.
With these facts and figures in mind, we consulted with several of our contributing partners and technology experts here at UpCity to ask them for their latest advice on mitigating loss from data breaches, increasing your small business’ cybersecurity, identifying vulnerabilities in your infrastructure and processes, and boosting your company’s overall data security. The panelists responded with a wealth of information and advice ranging from simple tips and tricks to more involved processes, but all of them are designed to help you protect sensitive data, avoid security breaches from malware/ransomware and phishing, and even keep would-be hackers at bay.
Before a Breach–Security Policies and Risk Management
Our experts’ advice fell into two categories–steps to take and plans to make before a security threat becomes a data breach, and advice on what to do after a breach has taken place. For the first category, everything from multi-factor authentication to data protection practices, antivirus software updates, and strong passwords was mentioned. The bulk of the advice was focused on how small businesses can do their best to stay vigilant and help prevent data loss before it happens.
“Cybersecurity requires systems and people. You should consider proactive security measures like firewalls that will help keep bad actors out. You should also consider reactive systems like malware scanners and intrusion detection systems that can help you identify an issue before it turns into a major breach. If you aren’t staffed to manage all of this on your own, your best move is to select vendors that can help you accomplish your security goals–just remember that the buck always stops with you. No matter who you hire, you need to stay in the loop, make sure your internal staff are abiding by your security plans, and have a plan for how to reach out and what to do in the case of an incident or breach.” –Robert Rand, Director of Partnerships and Alliances at JetRails
Planning and training your employees are two of the biggest areas where small businesses can shore up their cybersecurity. This is because many breaches are unintentionally made possible by phishing attacks that employees simply didn’t fully understand.
“When a breach occurs, adrenaline flows; that’s why it’s paramount to plan. Successfully mitigating a cyber attack starts long before the attack. Make sure that you have redundant and immutable backups, use monitoring software and add cloud-based cyber security into your mix, and develop a plan with your staff. This can be done with a tabletop exercise or as a workshop.” –Tim Steckel, Digital Marketing Expert at Lion Tiger Jaguar LLC
Many of our panelists pointed to the importance of employee training about cybersecurity and even recommended regularly testing and training staff members to help them avoid potential risks and pitfalls. This is not because employees are unaware of potential data breaches, but because cyber criminals know that people are often the easiest way to get past security measures and gain access to sensitive information.
“Since end users are most often the way a breach will occur, invest in cyber security training and test your users with fake attempts to phish or fool them to keep them aware and on their toes. Additionally, if your organization isn’t already covered, a cyber insurance policy should be looked into. And if your organization doesn’t have backups in place, this is the time to come up with a backup and disaster recovery plan! History has shown that clients who have solved this challenge can recover much quicker than ones who don’t.” –Chris McKewon, CEO and Founder of Xceptional
What’s true for individuals and their credit card information, social security numbers, or personal data is also true for breach prevention within companies and organizations. In both cases, the cost of a data breach can be extremely high, and protecting against cyber threats is much easier than repairing the damage after the fact.
“The best way to mitigate losses from a cyber attack is to prepare before they happen. Using off-server backup services, staying up to date with security software, and running regular diagnostics are all ways to reduce losses from a data breach. Then, if an attack does happen, discuss the next steps with law enforcement, put together a report detailing the scope of the breach, and inform customers about the breach. These steps are crucial for minimizing further losses due to customer complaints or even legal actions.” –Asad Kausar, CEO of Dabaran Inc.
Incident Response after a Security Incident
Even with the best cybersecurity and data protection measures in place, security risks still exist. To avoid impacts on your business continuity and to minimize losses, your security team needs a response plan that will allow everyone to protect company systems and data, from mobile devices and company-issued laptops to servers, network resources, and enterprise technology. One of the most common tips was to figure out how and where the breach happened as quickly as possible.
“It is crucial to figure out where the breach occurred so that you can isolate those systems for analysis. The extent of the breach is crucial so that proper remediation steps can be taken and those affected can be properly notified. Work on breached systems to determine the cause and create measures and policies to keep this sort of thing from happening again. And enlist the help of IT security experts; this is not a time to be figuring things out on your own.” –Scott G Carr II, Owner of Farmhouse Networking
“Once you’ve stopped the immediate threat, you can then focus on identifying how the breach occurred and how to prevent it from happening again. Whether it was a link that was clicked on by an employee, a compromised password, a failure to patch promptly, or an internal security issue, identifying and remedying the issue is crucial. And if an incident results in a data breach, notification should be immediate. Not only do you need to notify your customers but also local authorities and, potentially, the FBI. There is no reason to withhold notification; in fact, the sooner you notify your customers, the better.” –Tom Hastings, CEO of thinkCSC
Another key warning that our panelists issued was to avoid trying to get your systems back online too quickly. If the security breach resulted in malware or another type of security risk being planted within your systems, jumping back online would immediately open the door for hackers and cybercriminals to steal more data and sensitive information.
“Scan your website for malware or a data breach. A tool like Sucuri’s SiteCheck can give you a quick idea if there are any issues with the site. I would then immediately take the website offline as you do not know if there is an injection that is pointing to another website. Whether the scan shows any type of compromise or not, it is best to assess all of your accounts and change the passwords on everything. And turn off all of your PAID ADS. You don’t want to send any traffic to a dead site.” –James Byrne, Information Architect and Owner of After Dark Grafx
Given that small businesses rarely have the resources for full, in-house IT and cybersecurity teams, many of our experts also pointed out the value and importance of working with third-party vendors for real-time monitoring, information security, and incident response needs as well.
“Even with an incident response plan developed, it is still a good idea to approach a cyber security company to determine recommended next steps. They will be able to scan your environment to determine how the attacker got in and what data has been compromised so that you can plan your communications and remediation plan accordingly. Once the immediate danger is taken care of, it’s worthwhile to invest in a vulnerability assessment to identify any other weak points that could lead to future breaches and get a roadmap for resolving these issues.” –Colton De Vos, Marketing Specialist at Resolute Technology Solutions
More Support for Small Business Data Breaches
When it comes to mitigating the losses that a data breach can cause your business and your customers, there is much more to talk about. The tips and advice presented here are just a sampling of what our partners and small business experts at UpCity can offer to help you strengthen your company’s defenses and recover from a data breach quickly. To explore the available options and the support you can add to keep your data and technology safe, reach out to some of our cybersecurity providers at any time.
About the author
Rebecca helps keep all things content running at UpCity. Prior to joining, she was a magazine editor at an agency for several award-winning publications based in the Minneapolis-St. Paul area, and a content specialist for several brands within the SMB/B2B landscape. She also has significant experience in digital content creation, most notably targeting hunters and anglers (despite being a vegetarian) during her time at Gander Outdoors. Rebecca has also worked in PR, covering a diverse terrain of products and events, including the promotion of local musicians and music festivals and the latest craft beer offerings from local breweries.