Ten years ago, when I spoke with businesses about their IT strategies, one of the major gaps I would find was in data backup coverage – especially with small and medium-sized businesses. Entrepreneurs can be notorious optimists, and many just thought “it will never happen to me.” There are all-too-many stories of businesses suffering severe financial harm and crushing stress while trying to recover from a crashed hard drive that was not backed up.
These days, even most small business have accepted the need to commit to some type of backup strategy, with varying levels of thoroughness. However, a new IT threat lurks for businesses of all sizes: the data breach. Data breach risks fall into two main categories: 1) breaches that cause your business economic harm by compromising your important business secrets or result in a direct loss of funds, or 2) breaches that compromise the PII (Personally Identifiable Information), PHI (Protected Health Information), or any other private data concerning your customers. It is common for a business who has suffered a data breach to face risks from both categories. It is a given that businesses who suffer a data breach are open to potential legal bills for defending against class action suits brought on behalf of customers.
Just as ten years ago, after a hard drive crash, a business would suddenly realize the need to be proactive rather then reactive concerning a backup strategy, businesses today are realizing the need to be proactive concerning data breach risks. Obviously, a first step is to harden security protocols to prevent a breach.
However, as long as humans still work in businesses and have access to data, data will be breached. Recent well known hacks of Target, Anthem, and EBay have shown that even corporations with multi-million dollar IT budgets can be compromised. Steps beyond mere prevention must be taken.
Prudent organizations have a data breach strategy already in place, because it’s always easier to plan before a crisis occurs. If a breach event takes place, management already has existing relationships with lawyers, PR professionals, and forensic IT consultants to mitigate the risks to the company. Research shows that having a data breach plan in place substantially reduces the bottom-line cost of the breach to the company.
If you’d like more information on how to develop a comprehensive data breach protection plan for your business, please reach out and we would be happy to have a conversation with you.