News about data breaches that affect big businesses and brands make the front pages. News about a cybersecurity hit on the neighborhood hardware store or the local pharmacy or coffee shop only seem to make headlines at the dinner table.
If you own or manage a small or family business, it’s vital that you take steps to mitigate the impact a data breach can have. Not only can a breach seriously impact your bottom line, it also takes valuable time and resources to resolve, and can have a negative PR effect if your customers don’t believe they can trust their information is safe in your hands.
According to the Global Security Alliance, some estimates indicate that 58 percent of cyberattacks are targeted against small businesses. These phishing, malware, and ransomware attacks can have devastating financial consequences.
A Data Breach is Going to Cost You, and More Than You Might Expect
According to the Ponemon Institute’s 2020 Cost of a Data Breach Study, the average cost per lost and stolen record in 2019 was $150. Multiply this by the number of your own customers and that cost alone can be staggering. In addition, the average time to identify and contain a data breach was 280 days – valuable time that can eat away at your profit margin.
Security Magazine found that the average cost of a data breach for a small business is $36,000 to $50,000. While these aren’t the headline-making figures of a national brand’s data breach, smaller businesses are typically less able to absorb these costs You could be subject to fines, have to foot the bill for a forensic investigation, pay for credit monitoring for those customers who had their data compromised, and more.
Longer term, your costs are more “soft,” and include the immeasurable loss of your customers' trust. Your loyal and valuable customers need to believe that you have taken proactive steps to protect their information or more than data is at risk. Your reputation stands vulnerable as well. According to this PwC report, 85 percent of consumers won’t shop at a business if they are concerned about its security practices.
What’s Your Small Business’ Cybersecurity Plan?
No business is too small to be targeted. But all businesses need to be prepared or risk being vulnerable. Whether you’re operating as a one- or two-person shop that wears all the hats, or you have an IT team at the ready, understanding your risks and guarding against them with a data breach response plan or template should be at the top of your to-do list.
What Puts Your Small Business at Risk?
If you accept credit and debit cards, you’re at risk. If you handle any sensitive customer data, you’re at risk. If you send files to your bank, third-parties or trading partners, you’re at risk. Putting a detailed data breach response plan together is step one to minimize that risk.
A Small Business Cybersecurity Plan or Template is No Small Matter
You have a detailed plan for your business and for its success. Be sure that plan also includes a cybersecurity incident response plan to help protect your business from cyber-attacks. As security experts say, it’s not a matter of “if,” it’s a matter of “when” your business will be hit.
If you don’t yet have that plan, you’re not alone. According to the 2020 study on security response from IBM, 74 percent of businesses are still reporting that their plans are either ad-hoc, applied inconsistently, or that they have no plans at all. Put yourself into the more secure 26 percent group when you implement one of the security plans below.
Data Breach Response Plans You Can Use Today
Creating a response plan, sometimes known as an incident response plan or a data breach response plan, is not easy. You’ll need to dedicate some time, focus, research, and resources to this effort. And, once your plan is created, you’ll need to test and update it regularly.
You don’t, however, need to reinvent the wheel when it comes to having this solid data breach response plan. When you get breached (not if), having this plan in place will help remove at least some stressors.
Small Business Cybersecurity Plan Templates for 2020
Here’s a few of the best incident response plan templates and best practices we’ve rounded up:
Data Breach Response Guide (Experian)
For companies just starting to think about developing a plan or for those looking to update current practices, this guide illustrates what a comprehensive data breach response plan should look like. It also shows how to implement one to meet the security challenges ahead. This guide includes a short quiz to see how prepared you are right now.
Defending Against Data Breach: Developing the Right Strategy for Data Encryption (GoAnywhere from HelpSystems)
This white paper guides you through how deploying strong security technologies for encryption, monitoring, and auditing the access and use of sensitive information helps form a strong defense against data breaches when transferring files between customers, trading partners, and more.
Data Breach Response: A Guide for Business (Federal Trade Commission (FTC))
This guide walks you through all the things to consider after you’ve been breached – who to contact, sample letters to inform affected individuals, and more. If you have a plan started, this guide could help you fill in any missing steps you may not have already thought of. The FTC also provide details on how to better prepare and defend against cybersecurity threats in these two publications: Protecting Personal Information: A Guide for Business and Start with Security: A Guide for Business.
Responding to a Data Breach: A How-To-Guide for Incident Management (PCI Security Standards)
If your small business is in banking or finance, this three-page how-to includes guidelines on how and when to work with a Payment Card Industry Forensic Investigator (or PFI) and offers an extra set of data breach resources and templates.
Global Security Alliance and MasterCard Small Business Cybersecurity Toolkit
This new cybersecurity toolkit is specifically designed for small and medium businesses worldwide and offers actionable guidance and tools with clear directions to combat the increasing number of cyberattacks towards smaller businesses.
Guide for Cybersecurity Event Recovery (National Institute of Standards and Technology (NIST))
This guide dates back to 2016, but we’ve included it because the information contained is still applicable for good cybersecurity practices today. This comprehensive post-attack guide walks you through all the stages of planning, improving, and building your small business recovery policy.
Security Policy Templates (SANS)
In collaboration with information security subject-matter experts and leaders in security policy knowledge, SANS offers a set of security policy templates for businesses to use.
Think Like a Hacker to Defend Against One
Get inside the mind of a hacker and find out how to better secure your data and protect the data your customers entrust to you and keep your customers information safe.
Think Like a Hacker and Secure Your Data