How small business owners can survive a security breach


By Gloria Martinez

Special to the Financial Independence Hub

Photo by Markus Spiske on Unsplash

There are myriad reasons why a malevolent actor would want to breach your small business’ data and info and/or attempt to defraud your company. Money (holding business info or operations ransom) is a big one, but your business also holds plenty of useful, sensitive data on customers, clients, business partners, trade secrets, and finances. Whatever the reason, data breaches are becoming the norm — not the exception — for small businesses around the world, and the cost can be substantial. Here’s what to do if you’ve been hit.

Plug the leak and and figure out what happened

If you are a network security pro or have your own in-house team that can perform this task, that’s great. However, the majority of small business owners feel lost and adrift following a security breach. The smart first step is to hire digital forensic specialists. These experts can do most of the technical work for you, from plugging up the initial breach point, tracking down the responsible parties (which is key for any sort of legal action), and finally doing the necessary legwork to shore up your defenses (so it won’t happen again).

This is also the time to contact your service providers. It’s highly unlikely that your breach exists in a vacuum. We’re talking your point-of-sale software company, internet provider, credit card processor, and accounting firm, so it’s wise to take the appropriate actions.

Boost security and consider Legal Representation

Your next step is to do what you can on your end to improve your data security. Employ the obvious, FTC-recommended actions like changing company passwords, security codes, and physical locks (yes, data breaches can occur when unauthorized people have actual, physical access to your workspace). Then, as the FTC suggests, “you may consider hiring outside legal counsel with privacy and data security expertise. They can advise you on federal and state laws that may be implicated by a breach.” Legal representation is vital for two major avenues — either taking action against those responsible or defending your business from liability (compromised personal data can put you in a serious legal pickle).

Make changes to prevent future breaches

A few solid ways to protect your small business from future security issues include separating personal and business accounts, beefing up your security and data permissions, and retraining employees about proper security protocols. The sad fact is that many security breaches are due to employees — whether malicious or unintentional. That’s why it’s absolutely critical that you take the time to carefully screen your hires to make sure they are reliable and trustworthy. This means holding quality job interviews where you ask the right questions to get an accurate sense of the candidates you’re vetting.

Notify those affected

Legal considerations aside (notification of a data breach may be forced based on state laws), being honest and upfront with your customers, clients, and business partners is always a good idea. It builds trust, for one. It also allows them to shore up things on their end, as security breaches are rarely just limited to the primary target.

Small businesses are generally easy targets for malicious actors for a variety of reasons. For one, they simply do not believe they are big enough to be hacked or breached. They also don’t have the time, money, or resources to devote to major cybersecurity. Knowing that you are vulnerable is half the battle, and the other half is staying calm but decisive when something does happen. Take these steps so you can recover and move on from a security breach.

Gloria Martinez loves sharing her business expertise and hopes to inspire other women to start their own businesses. Her brainchild is Womenled.org. Gloria’s vision is to help all women advance in the workplace and celebrate their achievements.

Leave a Reply