When people hear someone talking about a data breach, they often think about major companies like Target or Experian. In reality, 28 percent of breaches occurred at small business in 2020. These threats involved malware attacks like backdoors, export data, spyware and C2. Additionally, hacking attacks like using stolen credentials, brute force and SQLI also caused data breaches.

These problems are an issue because of the financial risks they involve. When a data breach occurs, customers lose faith in the company. No one wants their personal data to be at risk, so customers will often go to a different business. In addition to losing current customers, your small business may also lose future customers. Your brand image and reputation take a hit following a major breach. Almost one out of three customers report that they will stop using a small business that has suffered from a major breach. 

Further, in the short term, your business will also have to pay to mitigate the damages. According to an IBM report, the average breach costs $3.86 million. If you work in health care, the average cost is a whopping $7.13 million. Over the last few years, the costs of a breach have decreased for prepared companies. For unprepared businesses, the costs have been rising significantly. 

Breaches can lead to a wide range of direct and indirect costs. 

  • Bad publicity can cause customer churn.
  • Some breaches lead to regulatory fines.
  • Businesses lose opportunities with clients and vendors following a breach.
  • You have to pay the immediate costs of remedying the breach.
  • During a breach, clients may not be able to purchase from your company.
Almost 40 percent of the average total cost is because of lost business. You may lose revenue because of system downtime or suffer from higher client turnover. Likewise, you may have to spend more money to acquire clients because of damage to your reputation. 
These costs can quickly add up. For small businesses, data breaches can be financially devastating. In one survey, 10 percent of small businesses went out of business because of a breach. A total of 25 percent of small businesses had to file for bankruptcy. Unless you want your company to go under, you need to make sure that it is protected from data breaches.

Data Breaches Are a Widespread Problem

Unfortunately, data breaches are a growing issue. The largest data breaches affected billions of consumers. You may have already heard about the size and scale of the following breaches.
  • Yahoo's breach in 2019 affected 3 billion customer accounts.
  • MySpace's 2014 breach revealed customer data for 360 million accounts.
  • A breach in 2020 impacted 172 million Sina Weibo users.
  • The 2017 breach at Equifax harmed 147.9 million consumers.
  • Email addresses and personal data from 137 million accounts were exposed during the 2019 Canva attack.
  • A total of 165 million LinkedIn accounts were placed at risk during the 2012 breach.
Unfortunately, data breaches and hacks can occur at small businesses as well. In one survey, 21 percent of small and medium businesses (SMBs) said that they had suffered from an attack during the previous 24 months. A total of 41 percent of small businesses spent $50,000 or more on a single breach.

How Do Data Breaches Affect Your New York Small Business?

A data breach can harm your company in a variety of different ways. Many companies have to deal with lost intellectual property. Over the years, your company has acquired unique processes, specialized products and trade secrets. When data breaches occur, all of your intellectual property can be lost in a moment. As soon as this data disappears, your company loses its competitive edge as well. 

Data breaches can also involve your employee data. When you hire employees, you have to collect their Social Security numbers and personal data. If you pay through direct deposit, your company also has their bank account information. Likewise, your company may have health and disability information about your workers. All of this data is potentially at risk during an attack.  

Customer data may also be at risk during an attack. Data breaches at Yahoo, MySpace, Equifax and Target targeted customer data because this data set includes financial information. During a breach, attackers can access customer information like credit card details, personal information and bank account details. Once attackers invade your customers' privacy, their personal information may be online forever. 

How Can You Prevent Data Breaches?

While data breaches can cause millions of dollars in damage, there are steps you can take to prevent them. In addition to getting your internet technology (IT) professionals involved, it is important to train your frontline workers on best practices as well. Data breaches can occur because of employees mishandling information or unintentionally exposing their passwords. 

Anyone who interacts with your network is a potential security risk. With so many employees working from home, employers need to worry about children, friends and neighbors using the same internet connection. Each person is a potential security risk, but there are prevention techniques you can use to mitigate your company's risk level. 

Update Your Software As Soon As Patches & Updates Are Released

One of the biggest security risks is outdated software. Unfortunately, many people ignore software patches and updates until it is too late. If you want to prevent data breaches from happening, you need to install software updates as soon as they are available. 

Upgrade Your Devices Regularly And Ensure Manufacturers Are Updating Older Devices

Eventually, manufacturers will stop making your favorite devices. When this happens, you need to buy new ones. Once a device is discontinued, manufacturers stop spending time and resources on updating them. This means your old devices may have humongous security flaws, and these flaws will not be fixed. 

Educate Your Employees and Leadership Often and Encourage Continuing Education About Data Breaches

Your workers can expose your data by unknowingly clicking on a bad link. If an employee accesses their work account at a cafe, other people could see the password they enter into your system. There are many different ways workers are exposed to socially engineered attacks, and the best way to stop them is through employee education. 

Create Better Policies Company-Wide To Encourage Smart Security Practices

Many workers like to use their own devices. Before you let workers use their own laptops and smartphones, you should review your security policies. Your business should make workers equip their devices with antivirus protection and business-grade virtual private networks (VPNs). 

Improve Your Encryption By Investing In High-Grade Encryption Software

Encryption basically transforms your communication into a secret code. Without the encryption key, hackers cannot unlock the code and see your data. To protect your business, you should invest in high-grade encryption. 

Require Strong Credentials and Multi-Factor Authentication

To protect your customers' privacy, you should require strong credentials and multi-factor authentication for anyone who wants to use your system. If your workers struggle to remember their passwords, encourage them to use a password manager. The password manager will safely store their passwords, so your system will remain protected. 

Technology is a double-edged sword. While it has brought significant advancements for business owners, new technology also carries risks. After data breaches, costs can quickly add up. In some cases, small businesses will end up failing and going bankrupt because of the high costs.

Fortunately, there are ways to mitigate these risks. By training your workers, upgrading your software and taking other steps, you can prevent your data from getting stolen. With the right prevention measures, you can stop your company from becoming another casualty of online criminals. Every business needs to have privacy, data and recovery policies in place to help mitigate the legal consequences of data loss.

For more information about ensuring your New York small business' privacy and guarding against security threats, check out the articles listed below:

Digital Damage Control - Data Breaches and New York Small Business

The Risks When Employees Use Personal Electronic Devices At Work

Have You Made These 11 Smart Decisions As A Business Owner?


Francine E. Love is the Founder & Managing Attorney at LOVE LAW FIRM, PLLC which dedicates its practice to serving entrepreneurs, start-ups and small businesses. The opinions expressed are those of the author. This article is for general information purposes and is not intended to be and should not be taken as legal advice. 

Francine E. Love
Connect with me
Founder and Managing Attorney at Love Law Firm, PLLC which dedicates its practice to New York business law