How a data breach can destroy your business

Following Data Protection Day, Christian Toon looks at how businesses can stay vigilant and keep ahead of cybercriminals.

The main focus of the day, now in its fifth year and celebrated across Europe, is to raise awareness of data privacy issues, rights and responsibilities. Most of the messages are targeted at individuals and concern personal identity, but data protection is a much bigger issue than this. Data is the lifeblood of your business. From customer records and financial information to sensitive commercial documents such as contracts and business intelligence, data underpins every aspect of a company’s operations and helps to keep you ahead of the competition.

The loss or damage of any of this data can cause irreparable damage. Studies have shown that more than 40 per cent of companies never recover from catastrophic data loss, and 90 per cent of companies that suffer a significant data loss go out of business within two years.

Top threats

Cybercriminals and identity thieves are quick to exploit new digital opportunities and loopholes, for example through phishing websites or viruses that intercept or infect your customer details. Physical documents can be stolen from offices or retrieved from waste and recycle bins if inadequately destroyed, and simple human error can lead to valuable information being lost or accidentally leaked. Everybody is familiar with the kind of data horror story that sees a briefcase full of confidential plans left on a train, or a disc containing customers’ financial details lost in the post. Even if no criminal activity ensues, the public relations impact of a data breach could severely damage a company’s brand and reputation, and render the company liable to an Information Commission fine of up to £500,000.

What can a small business do to protect its data?

  • Know what you know. Understand exactly what data you hold, where it is stored and who has access to it. Make sure you can track information as it changes hands.
  • Introduce information security policies for the whole business. These could include restrictions on removing data from company premises (for example on USB sticks or laptops) and standard procedures for filing and storing paper records at the end of a working day.
  • Provide training for all employees handling sensitive or important data on a daily basis. This includes employees in HR, sales, finance and IT.
  • Ensure you have the right IT processes in place. Back up and encrypt all digital information such as emails or electronic files.
  • Securely delete information that is no longer required. Once customer data is no longer needed it must be disposed of using a system that is standard across the business. Secure particle shredding of documents and discs is an effective way of destroying information that is no longer relevant or useful.
  • Understand the legislation. Government legislation is increasingly complex and the fines for non-compliance and data breaches are increasingly stringent. The excuse that you didn’t understand it won’t protect your business from the resulting fine.
  • Consider outsourcing your information management to a trusted supplier who can securely remove, archive, manage, retrieve and, ultimately, delete information for you.

While this list is far from exhaustive, it demonstrates that data protection is a serious issue that requires commitment and ongoing review. For rapidly growing small firms, existing procedures can easily be overtaken by changing needs. No business wants to fail, and certainly not as a result of something as avoidable as a data breach. Information is one of the greatest assets of any business – it pays to keep it safe.

SME security breaches double

Businesses are losing billions of pounds due to information breaches.

Some 74 per cent of SMEs say they have been subject to malicious security attacks in the past year, according to professional services firm PricewaterhouseCoopers (PWC).

The main types of breaches reported were infection by viruses or malicious software, theft or fraud committed by staff and attacks from unauthorised outsiders breaking into the organisation’s network.

Chris Potter, partner at PWC, says: ‘All types of breaches were on the increase and a conservative estimate is that the total cost to business in billions of pounds is now into double figures.’

Of the small businesses polled, 75 per cent say they now assess information security risks, compared to just 48 per cent who did so in 2008, with 43 per cent expecting more incidents next year.

Andrew Beard, director at PWC, says: ‘Part of the solution to ensure better security is encrypting data. There has been huge improvements in this area with regard to laptops, USB sticks and other removable media.’

Christian Toon

Christian Toon

Christian is a cyber protection and security strategist and consultant.

Related Topics

Data Security