Small Medium Business (SMB)? Are You Missing This Important Requirement?

Data Security Regulation GDPR

I have assessed many types of business from different industries and of different sizes. For some, I have been called in because the worst has happened, or perhaps they have been informed they need to get compliant (to win business, a regulator found them, etc.).

It is amazing how many small and medium businesses have not done a thing about data security, or have had a go and think they are protected. I understand that to some degree. When you are starting out, you want to make money. Buy low, sell high. Systems are put together with sticky tape and Blu Tack, just to make it work and get some services running. No one tells you about the laws and regulations that you now need to comply with. Yes, you pay tax and set up correctly; you need to pay for insurance and set up correctly; and… yes, you need to comply with data security laws like GDPR, or meet the data security requirements of regulations like FCA, PCI DSS, SOX, HIPAA etc. … and set up correctly.

I’m only a small or medium business, does data protection matter to me?

The way the world is working, we are ever more interconnected: data in the cloud, online payments and transactions, and more. In short, bad actors are after your data. What they do with it depends on what it is, but often there is a financial incentive, such as stealing financial data like bank details or payment card details.

Ensure your business is running tomorrow

Sometimes it is stealing your identity and/or taking over your social media profiles. Have you heard or come across any stories about anyone who has experienced this in the past? I hate having those cries for help, as there is not a lot we can do once attackers have broken into accounts. Prevention is the key. Unfortunately, many SMBs do not consider this whilst on their business journey.

According to IBM:

  • 60% of small businesses fail after a cyberattack.
  • Two thirds go out of business within six months.
  • Average cost of a data breach reached $4.35 million in 2022.

Having data security helps to ensure your business is running tomorrow.

Furthermore, if you handle data, then it is likely you will need to meet your local data security legislation or regulation. For example, if you handle the data of persons residing in the UK or Europe, then you are obliged to meet GDPR. Singapore has the PDPA. The US has various privacy laws depending on your location. There are many more. If you fail to meet these, there can be serious consequences; for example, GDPR fines range from 2-4% depending on the nature of the non-compliance.

To put it simply… all businesses including SMBs need data security.

Risk maturity

Also, as you grow larger and more mature, I would expect you to review and discuss your sales, delivery and risks with senior management/the board on a monthly basis. Security is not an IT risk, it is a business risk. Businesses should start discussing data security more often.

If you are an IT leader or business leader, you should start considering data security risks as a standard part of your monthly reviews.

Why can breaches be expensive?

There are many reasons why businesses suffer after a breach, but here are some common ones:

  • Staff cost: Restoring and recovering services takes staff time and effort. Sometimes days, and in some cases weeks or months.
  • Ongoing problem: The root cause has not been fixed, so a second data breach can occur.
  • Reputational damage: Challenging to win new clients. Challenging to keep existing clients.
  • Forensics: Bringing in forensic experts to find out what happened is expensive.
  • Regulation/Legislation: The cost of a data breach and non-compliance can vary, but it can be crippling to a business.

I don’t know where to start?

How is your security? If you don’t know, the first thing to do is review where you are, and that means reviewing your security posture.

Once you know your security posture, you can take the necessary decisions, risk management steps, etc.

Whether you are a one-person, medium or large business with little to no knowledge about security, The PROTECT Protocol™ is our 90-day programme where we show you how to do this. We will show you how to know your security posture by doing a security health check, and how to manage risks and security.

Be Secure.
