- By Morris Bocian
If you think just because you own a small business you don’t need to think about securing your data, think again! After all, you may think, who would be interested in my information? I’m below the radar.
According to the Privacy Rights Clearinghouse, there have been more than half a billion (500,000,000) breaches of sensitive information since 2005. Approximately 20 percent of those breaches occurred in small to mid-sized retailers and non-financial, non-insurance related businesses. Further, the correlation between data breaches and bankruptcy is astounding. Approximately 80 percent of small businesses that experience a data breach sustain major financial losses or go bankrupt within two years of the breach.
The primary causes of these breaches include:
• Discarded, lost or stolen documents
• Discarded, lost or stolen mobile devices
• Bad employees
• Hacking or malware
• Information stolen at point-of-sale/service terminal
• Stolen or discarded computers or servers
• Inadvertent disclosures
Data security isn’t purely a technology issue; it is about how sensitive you, the business owner, are to safeguarding information. That includes establishing and enforcing security policies, hiring the right people, using common sense and understanding causes of breaches and the impact on your business if you let your guard down.
As stated above, a business’ failure to address data security can be devastating. According to the National Conference of State Legislatures, five states enacted security breach related legislation and at least eighteen states have introduced legislation involving liabilities to those who breach security. Liabilities resulting from such a breach may vary by state.
According to InformationWeek, you cannot outsource liability from a security breach. Conducting due diligence on the company you are outsourcing to (should you take that route) is important. To complicate things further, today data is stored in “the clouds.” Storing information offsite does not relieve you, the business owner, of liability from a breach that occurs as a result of cloud computing.
Further, certain government statutes, such as the Health Information Technology for Economic and Clinical Health (HITECH) Act, require reporting breaches of unsecured data. It is strongly suggested that you speak to your attorney to discuss potential liabilities. The attorney should be involved when determining risk mitigation strategies.
If you do not have the computer background, hire someone who can help you. You will need to identify and inventory your sensitive information. What do you use it for? Who has access to the information and the computers, servers and hard drives where the information resides?
If appropriate, segregate sensitive information to a few computers, servers and drives. The fewer copies of data you have, the easier it is to protect. You might want to limit access to sensitive information to certain employees.
From the Human Resources Side:
• Lock filing cabinets, and areas in rooms that contain sensitive information. Locked boxes often keep employees honest, so only grant access to trusted employees.
• Conduct due diligence on all new employees. That might include reference and background checks.
• Make protecting sensitive information part of your company’s culture. Treat it as the intellectual property you need to operate your business. So enforcing your privacy policy is important.
• Use paper shredders and place them where they are convenient for your employees to use. Trash cans contain a wealth of information if paper is not cross-shredded.
• Make sure you and your employees download apps from reliable sources only! Apps may contain Trojan horses, spyware and viruses. If you do not trust the app’s source, do not download it. Alternatively, you might want to block your employees’ ability to download applications and have all new applications installed by your IT professional/consultant.
From the Technology Side:
• Keep anti-virus, anti-malware and anti-spyware software up to date.
• Encrypt electronic files that contain sensitive data. This is especially true when your information is mobile, such as with a laptop.
• Protect your hardware and software. If equipment is used out of the office, make sure you have strong password protection.
• If you are involved with e-commerce, use Secure Sockets Layer (SSL) for receiving or transmitting sensitive financial information, including credit card numbers, social security numbers and dates of birth.
• Consider hiring a consultant to assist you in assessing the strength of your security and help you plug any holes.
In the event of a breach, do not panic. You should:
• Get help
• Contain the breach
• Protect your business so it doesn’t recur
• Comply with the existing laws - do not cover up a breach.
About DiversityPlus Magazine: DiversityPlus is much more than “just” a supplier diversity magazine. Thanks to its strong media platform, which includes the print edition, digital magazine, website, weekly newsletter, social media, blogs, and video, DiversityPlus is able to provide print readers in seven countries and more than 117,000 digital readers worldwide with access to leading-edge supplier diversity content, webinars, and events.
What you’ll read in the pages of DiversityPlus represents the most current and impactful thinking about diverse supplier relationships. Plus, with over 17 years in print, our trend research, interviews, and feature articles showcase a depth of industry relationships unmatched by any other supplier diversity publication.