Most small firms don't think a data breach could happen to them

At the same time, the survey of 501 US small business owners, conducted by the Pert Group on behalf of the Hartford, found that 61% of business owners believe a data breach violates trust and would jeopardize their relationships with customers, patients, and employees.

“Many small business owners believe that only major retailers or technology firms are at risk for a breach. In actuality, small business owners are being targeted more often”, said Lynn LaGram, assistant vice president for small commercial underwriting at the Hartford.

“Small business owners are incredibly busy, focusing on running their business – their passion. Business owners often don't have the time or resources that larger companies may have to assist them in protecting their data”, LaGram told Infosecurity.

More than one-third of small businesses surveyed say they have a more negative opinion of companies that have recently experienced a breach, based on the companies' handling of the breach.

About a third of business owners (34%) say they would have difficulty complying with government notification requirements, and 47% acknowledge it would be impossible for a small business to completely safeguard customer, patient or employee data.

The survey also found that business owners vary in their adoption of eight data protection best practices: lock and secure sensitive customer, patient, or employee data (48%); restrict employee access to sensitive data (79%); shred and securely dispose of customer, patient, or employee data (53%); use password protection and data encryption (48%); have a privacy policy (44%); update systems and software on a regular basis (47%); use firewalls to control access and lock out hackers (48%); and ensure that remote access to their company's network is secure (41%).

“There are some simple measures a small business owner can take to help prevent a breach from occurring. These steps range from password protecting access to data and restricting employee access to sensitive data, to securely shredding and disposing of data”, LaGram said.

“These measures can help reduce but not eliminate the risk of a breach, so it is also important to have data breach insurance in place to help the business respond and recover in the event of a breach”, LaGram added.

What’s Hot on Infosecurity Magazine?