A recent study conducted by Ipsos Reid has revealed that small businesses do not fully realise the impact of a data security breach and as a result are not adequately safeguarding sensitive and confidential customer information. In particular, many US small businesses are taking a passive approach when it comes to protecting their data, leaving them highly exposed to data loss and the consequences of possible financial, reputational damage as well as stiff regulatory penalties.

The survey highlighted that an alarming number of small businesses (69%) were unaware or didn’t believe that lost or stolen data would result in financial impact and harm to their businesses credibility.  The 2013 Ipsos Reid survey featured two distinct sample groups: small business owners in the United States (1,008), which have fewer than 100 employees, and C-suite executives in the United States (100), who have executives that work for companies with a minimum of 500 employees within the US.

According to the Study Findings:  

  • 40% of small business owners have no protocols in place for securing data – +5% increase from last year
  • More than one-third of the small business report that they don’t train staff on information security procedures
  • 48% have no one directly responsible for management of data security
  • Only 18% would encourage new data privacy legislation requiring stricter compliance and penalties to information security threats

The survey also found that C-suite executives (12%) reported financial losses of more than $500,000 resulting from data breaches this year than in previous years; yet, 23% of the C-suite executives surveyed said they did not believe a data breach would affect their businesses. At the same time, while awareness of legal requirements among C-suite executives had increased by 4% from 2012.  According to the survey, only 16% report training employees on protocol twice per year, down 11% from 2012.

Looking after the information you hold doesn’t need to be arduous. However, under Data Protection legislation, as a business you are legally obliged to protect any information you store or process about your clients, employees or suppliers and must ensure:

  • Only collecting data that you need for a specific purpose;
  • Keep it secure;
  • Ensure data is relevant and kept up to date;
  • Only hold as much as you need, and only for as long as you need it;
  • Allow the subject of the information to see it on request

Data security is a company-wide effort that requires the cooperation of all employees and vendors, to safeguard the company’s interests and to protect their own. SMBs should encourage employee input through developing ongoing training initiatives to help prevent and minimize both internal and external risks. There are various DLP (Data Loss Prevention) technologies which allow businesses to easily control their data environment through automated reporting of exposures and continuous risk assessment. Security efforts need to be ongoing, so that best practice procedures become engrained within the culture and operating system of the company.

Good data handling and security process makes sound business sense.  It provides a range of benefits including enhanced business’ reputation, increased customer and employee confidence and helps to retain accurate business information which in turn leads to greater cost and productivity efficiencies.

Through embracing a positive approach to data protection through improved employee process and education, fully automated protection technologies and ongoing review, SMBs can confidently and reliably secure their customer’s data privacy and realize even greater and more sustainable business benefits.

Author: Damien O’Donnell, Regional Sales Manager, PixAlert

Article Reference: PR Newswire

Comments are closed.