Jun 25, 2013 Dave King
Enterprises of all sizes, in all industries and around the globe have experienced increased threats to information security, as cyber criminals continue to become more proficient in circumventing traditional protections and stealing sensitive information. Now that many firms are beginning to use ACH cards and other automated electronic payments, the threat to security has never been greater, especially when preparations have not been implemented.
Small business have become the most common targets of cyber criminals, as these firms tend to have less resources and knowledge when it comes to data security than their larger counterparts. Not only has data breach become more frequent and damaging for smaller firms, corporate identity theft has also started to intensify in the sector.
Now, advocacy groups and federal regulators are increasing efforts to boost awareness of the potential dangers that come along with poor information governance and data security standards. Many small business owners work under the assumption that they are immune from threats, though this could not be more false.
Survey reveals issue
Shred-it, a security company, recently conducted a study that revealed how small business owners, as well as corporate executives are approaching cyber security responsibilities. The 2013 Shred-it Information Security Tracker found that smaller firms are taking less stringent and comprehensive measures to deter data loss and largely do not understand the potential risks of cyber attacks.
Compromised data can lead to several issues, including hurt reputations, incurred financial losses and a drop in credibility. The study revealed that 69 percent of small business owners either do not comprehend or do not believe that data breaches can have a substantial financial impact on their companies.
As a result of lacking knowledge related to the best practices of information governance and the dangers of not implementing effective solution, 40 percent have not invested in any type of data security standards or solutions, which is higher than the 35 percent recorded last year. What's more, roughly 33 percent do not train their staff in the best practices of data security.
In the way a chain is only as strong as its weakest link, even the most comprehensively written data security standards could be completely compromised by the improper actions of only one employee. Additionally, several studies indicate that employee error is the most common cause of data loss and breach among enterprises and public sector organizations today.
The survey also found that less than one in every five small business owners surveyed said that they would stand behind new data security legislation, while 48 percent do not have a member of staff dedicated to information governance.
"As we celebrate National Small Business Week, we're urging companies to be vigilant when it comes to information security," Shred-it's privacy and security officer Mike Skidmore explained. "We have seen a consistent increase in small businesses without security protocols in place and a crucial first step for practicing effective information security is improving awareness of policies and procedures. Organizations face a lot of risks, but enforcing sensitive data safeguarding as a company-wide practice will potentially avert both significant financial and reputational damage."
Implementing proper controls before it's too late
Though electronic payments such as ACH cards can be a boon for operational efficiency, employee engagement and customer retention, one wrong step when it comes to information security could completely thwart the strategy. Enterprises need to focus on deploying the necessary controls and protections before starting an electronic payment strategy.
In addition to security software, experts often recommend companies maintain strict oversight of accounts payable and receivable to identify and eradicate any irregularities before they become too damaging. Additionally, ID verification protocols can further protect companies from being held responsible for an identity theft case.