Why You Need to Make Data Breach Security Part of Your Business Plan

Starting a business can be tough. Trying to make a profit and sticking with your business plan can be tougher. Most of us do not realize the actual cost of doing business until we actually take the reins and experience for ourselves.

The real cost of payroll, inventory, and rent do not come to full light until we begin to write checks. This is when the overlooked cost of business comes into play.

Taking care of payroll? Don’t forget to add taxes you pay on behalf of the employee. Inventory? Don’t forget about spoilage, theft, and returns.

The digital age has brought about useful technology to help business run smoother; however, it has also brought about a wave of cybercrime including identity theft, hacking and wire fraud. It seems that it would be commonplace to protect your business from such cybercrimes. But the fact is, many don’t.

How We Got Here

A desktop computer is an essential for any business. Even brick and mortar stores who take credit cards or keep electronic time sheets use computers. Technology has come a long way and many businesses are even building their own websites.

Crime has always been prevalent when it comes to business, but the dawn of the internet has created a new pathway for criminals. Instead of taking a gun into a bank or lifting a wallet out of someone’s pocket, they now commit crimes from just about anywhere. All they need is access to the internet.

Some of the earliest cybercrimes involved petty nuisances such as infecting computers with viruses. Many did it for the joy or out of boredom, but money became a motivating factor. Criminals learned that they could steal valuable information such as bank account and social security numbers.

Now, data breaches are far too common, and cost can be devastating to a business. A recent study showed that a data breach can cost $172 per record stolen. So, imagine having the data of 1,000 customers stolen. It adds up quickly and can bankrupt your business.

Here are some of the largest data breaches to date (there are many more, but these stand out as my favorites):

  • Yahoo – Yahoo was breached more than once during 2013-14, something they did not disclose to consumers until 2016. Hackers were able to access the names, dates of birth, email addresses, and passwords for 3 billion user accounts. It cost $350 million for Yahoo (in lost sale price) who was negotiating the sale of the company at the time of disclosure.
  • Ashley Madison – The somewhat controversial “hook up” website Ashley Madison was breached in 2015 with up to 37 million users’ identities being exposed. The funny thing about this breach is that users of Ashley Madison use it because it offered “discreet, extramarital affairs.” Discreet no more after the data breach. The lawsuit alone cost the website $11.2 million in a lawsuit.
  • Equifax – 2017 brought about a data breach for one of the world’s largest credit bureaus, exposing the information of 143 million consumers. Of the 143 million, more than 200,000 had their credit card data exposed as well. As of this writing it is unknown what it will wind up costing, but there is already a class action lawsuit related to the breach.

Who Is Vulnerable?

According to the website EyeOnPass, ecommerce, web and mobile apps are extremely vulnerable to cyberattacks.  The global e-commerce market is estimated to be worth $2.4 trillion by 2019, making it even more attractive for people who want to hide behind a computer and do their crime.

In addition to e-commerce, brick and mortar stores are also vulnerable to cybercrimes. Just about everyone has an email list, website, and processes credit transactions. If you have customer or employee data stored anywhere on a computer, you are exposed.

For those who are thinking they don’t maintain information worth stealing, think of this. What about the companies you use? They are storing your personal and business information. Is that worth stealing? If so, you should make sure you do business with those who have policies in place to help protect your information.

What You Can Do

For those thinking of launching a business, having cybersecurity as part of business plan does two things.

The first is that it helps cover the forgotten expenses (yes, cybersecurity is now one of those as you don’t recognize it until it happens to you). The second is that it shows potential financiers that you are thinking ahead to protect your customers (and their investment).

As part of your business, you should look for and make sure to do the following:

  • Have a response plan to deal with data breaches.
  • Budget for software to help protect from breaches.
  • Make sure your current insurance covers expenses related to any breaches, including theft.
  • Have a company policy for computer use/access (make sure this includes policy for processing credit transactions manually).

Final Word:

You cannot guarantee immunity from data breaches. However, you can take steps to limit your exposure, as well as address the issue if it should ever happen.

My advice for everyone is to stay current with cybersecurity issues and how they could affect your business. Even if you think it wouldn’t happen to you, always ask the question – “What if it DID happen to me?”