Data Security – The Risk is Real
No company is too small for a hacker. In fact, when it comes to data breaches – hackers tend to gravitate towards smaller businesses. Nearly two thirds of all data breaches occur within small firms. Hackers focus their attention on these companies because they don’t have millions of dollars to protect themselves from cyber-attacks like larger companies do. Small businesses rarely have necessary policies, procedures and training to reduce or prevent their risk. But one thing a small business does have, the data that hackers want.
Ever thought to yourself “my small business doesn’t have that much sensitive data”? You may be surprised to find just how much data you actually have. Any combination of client names and addresses can be a powerful weapon in the wrong hands. Even without credit card or banking information, hackers can fill in the gaps when combined with data collected elsewhere, and if you store any kind of medical data, you carry additional risk. The truth is – all data, including yours, is of value to someone.
The question is not IF you will have a data breach, but WHEN. A breach is bad enough publicity for any company, but pleading ignorance as to why your clients’ data wasn’t protected simply won’t fly. You have to illustrate that you took appropriate steps to mitigate those risks if you ever end up in court. Over 60% of cyber breaches come through small companies, and the average cost of the breached company is $187,000. Can you absorb a $187,000 loss? Most breached firms are out of business within 6 months and 90% are out of business within 2 years.
So how do we as small business owners protect ourselves and our clients’ data? The answer is more complicated than just installing the proper technologies. Some of the most well publicized data breaches were due to unintentional human error by an employee or vendor. (https://www.forbes.com/sites/ericbasu/2015/11/05/the-top-5-data-breach-vulnerabilities/#43bed77e4d04). In fact, 80% of all data breaches are due to employee or third-party vendors with inadequate knowledge and training on how to protect sensitive data. Bottom line? The answer for small businesses doesn’t lie with more technology, but with more training.
Over the years, BMC has partnered with various trusted advisors to offer solutions to small-business problems. We’ve recently partnered with Truvincio, LLC to address the growing concerns and issues of cyber and data security. The Truvinicio system is an easy, effective, and low-cost approach. Their training modules, compliance policies and procedures and continuing education can provide a complete new structure or improve your existing systems to ensure that you are protecting your internal and customer data. The system also demonstrates to regulators and in court that you are compliant, providing you both peace of mind and a strong legal position. With industry specific programs tailored for your exact needs, and annual (or as-needed) updates, you can be sure that you are checking all the boxes.
Here at BMC, we recently implemented the full Truvincio program and immediately noticed a difference in the way our employees handle sensitive information. In addition, we have worked with Truvincio to get the proper documents, procedures, processes and protocols in place to meet our industry regulatory requirements, and we are continuing to work with all vendors who come on premise to make sure they are trained as well.
If you store or handle any client data, I would highly recommend that you check out this great tool, or you can contact one of our team to discuss how the process worked for us, and we can get you connected with a representative from Truvincio. An additional and important benefit we received from implementing the Truvincio solution was improved business efficiency and better management of the risks that effect small business every day. Truvincio was built with the small company in mind and for us it provided a simple, affordable, effective and defensible approach to a serious problem facing business today.
Truvincio is a Maryland- based company. If you are interested in learning about their low cost approach and implementing it for your business, you can contact the BMC team or Truvincio directly. Warren Robold (warren@truvincio.com), 301-639-6644. http://wr.truvincio.com/
