News & Resources

Data breaches impact small businesses

Nov 01, 2013 Dave King

When loss or theft of sensitive information hits large companies, the sheer number of consumers affected makes the news impossible to ignore. However, smaller firms can also be impacted by data breaches, and dealing with the fallout can be equally problematic, as they have fewer resources to recover from an information security incident than the industry giants do.

According to Techworld, the Information Commissioner's Office (ICO) of the United Kingdom recently fined Jala Transport, a small, London-based loan provider, a sum of £5,000 - roughly $7,500 - after an unencrypted external hard drive was stolen from the owner's car. The device contained the names, dates of birth and passport data and driver's license numbers of 250 of the firm's clients.

Even though none of Jala Transport's affected customers saw any fraudulent activity in their consumer credit reports, the fine leveled upon the company for failing to encrypt the data could have been much higher, up to £70,000, the news source noted.

On the ICO's official blog, the group manager for the organization's technology team, Simon Rice, reminded businesses of the importance of encryption.

"Using appropriate encryption can be a simple and effective means to protect personal data in these circumstances, and one which we advise all organizations to take if the loss of the data could cause damage and distress to the individuals affected. However, evidence shows that data controllers are still not addressing the problem," wrote Rice.

Best practices for small firms
While the breach that hit Jala Transport has so far not done damage to customers, there are all too many examples of how data loss can lead to identity theft.

According to InformationWeek, a software developer who spoke to the news source under the pseudonym Ann was affected by the recent breach at data broker Experian. Ann said she saw fraudulent charges on two separate MasterCard accounts weeks apart from each other. Identity thieves also created a fraudulent third account in her name.

Worcester, Mass.-based firm Hanover Insurance recently announced a list of five best practices in light of research by the Ponemon Institute revealing that 55 percent of small businesses experienced a data breach in 2012. Encrypting data is the top suggestion, followed by performing employee background screenings. The firm also suggested that growing companies must understand what kind of insurance they need and what coverage their current contracts provide them, in addition to establishing an effective response plan in case of a data loss incident.