November 27, 2017
How To

How to: Avoid the high cost of a data breach

Sterling Kozlowski

In August, the Equifax data breach left more than 145 million Americans vulnerable to identity theft. Sensitive information such as Social Security numbers, addresses and consumer names were stolen by hackers attempting to impersonate individuals by opening bank accounts, applying for new credit cards or even attempting to get driver's licenses.

The breach spurred consumers to review the cybersecurity measures they have in place at home. Small business owners should do the same. Yet, recent data shows 87% of small business owners do not feel they are at risk.

This is a mistake. In 2016 alone, 61% of cyberattack victims were businesses with fewer than 1,000 employees. What's more, roughly one in three small businesses do not have the necessary tools in place to protect themselves from any kind of cyberattack.

The high cost of ignoring a data breach

The Ponemon Institute, a Traverse City, Mich.-based research firm, estimates that the cost of cleaning up a small business after it has been hacked is $690,000. An estimated six in 10 small businesses fail within six months of a cyberattack.

Nearly half of cyberattacks are maliciously intended, with hackers aiming to use a business owner's information to compromise the owner's personal credit. This leaves personal information, preexisting accounts and the business at high risk. Once a credit score has been compromised, a small business owner may no longer be able to pay their business loans or access new financing.

Often, small business owners are at a greater risk of an attack because they do not have the necessary cyber protections in place. One way to protect against a cyberattack is to enhance security measures through malware detection or pop-blocker software and installing a firewall, anti-spy, anti-virus and spam filter on your small business' computer system.

How to protect your small business

With small businesses at a great risk of falling victim to a cyberattack, business owners can follow these best practices to better protect their businesses.

  • Most importantly, protect your personal information at all costs. Never respond to personal information request via call, text or email. It is imperative that account owners keep account information safe from phishing scams by not opening or downloading attachments from unknown sources.
  • Do not share confidential business information online and be sure to protect personal information by securing it with a strong password or keeping it out of public view. Protect your digital footprint by increasing account password strength using two-step authentication, encrypting sensitive documents, and hiding and requiring a WPA2 password for your wireless network.
  • Business owners should change account passwords once word breaks of any sort of data hack — even if the business is not directly affected. By having multiple, strong and unique passwords for business accounts, you lessen the risk of hackers stealing your personal information. Keep personal electronic devices up to date with the latest security patches.
  • Monitor all accounts regularly in order to detect fraudulent activity. If a check is not processed on time, contact the payee and consider placing a stop payment. If you bank online, sign up for automated alerts that will flag any change in credit status.
  • Consider creating an informed cybersecurity incident response plan. Stay vigilant on data breaches or cyberattacks. Develop an incident response plan so you can respond quickly and effectively to any breaches in cybersecurity that might affect your business and its employees.
  • Consider purchasing specialized insurance. Standard commercial insurance policies will do little, if anything, to shield you from electronic damages and the associated costs.

Anyone and any business can fall victim to a data breach. Educate yourself and your employers on best practices to protect your small business.

Sterling Kozlowski is president of KeyBank's Maine market and regional executive of Key's New England region, which includes Vermont, New Hampshire and greater Boston. He maintains an office in Key's Portland headquarters, at One Canal Plaza, and can be reached at 207-874-7298 or


Type your comment here:

Most Popular on Facebook