Small business doesn't mean small data: Experian Data Breach Resolution advises small businesses to be prepared for a data breach

COSTA MESA, Calif., Nov. 18, 2013 /PRNewswire/ -- The holiday shopping season not only brings an increase in sales but often an increase in cyberthief activity as well, and organizations of all sizes—including small businesses—can be victims of a data breach. Experian ® Data Breach Resolution, which has managed thousands of data breaches for clients, suggests small businesses pay added attention to data security to avoid providing unintentional "gifts" to those who might steal customers' personally identifiable information (PII).

Thieves prefer to target small to medium­–sized businesses (SMBs) because many lack the resources or expertise to manage cybersecurity. Retailers are especially easy targets for cybercriminals who look to hijack credit card data but customers aren't the only victims. Among SMBs that suffer a breach, a staggering 60 percent go out of business after six months.¹

"An organization categorized as a 'small business,' may still manage a large amount of confidential data, including customer and employee records," said Michael Bruemmer, vice president at Experian Data Breach Resolution. "It's critical for these businesses that they take steps to prevent a breach and prepare for the chance that a breach might occur. An incident response plan is a critical part of that preparation."

Recognizing SMBs are often challenged by limited resources, Bruemmer suggests some low-investment approaches to preventing and managing a data breach:

• Conduct risk assessment — identify the most sensitive information that could be at risk. According to a recent study by Javelin Strategy & Research, data breach victims whose payment cards and Social Security numbers were compromised suffered the highest rates of related fraud.² Small businesses should understand the data most likely to be targeted and prioritize what is needed to protect that data.
• Put plans in place — investing time in developing a security and incident response plan can save on hard costs later. There are many resources available to help small businesses get started, including Experian's free Data Breach Response Guide.
• Understand the problem (and make sure your employees understand it, too) — the National Small Business Association's 2013 Small Business Technology Survey states that nearly a quarter of small businesses acknowledged "little to no understanding of cybersecurity."³ It is important that everyone in a business understands how their actions could create vulnerabilities. Train employees on security precautions, including bring-your-own device (BYOD) policies.
• Consider cyber insurance — SMBs generally don't have a risk manager or IT department dedicated to data security. A good cyber insurance policy can help mitigate cybersecurity risks.⁴ Cyber insurance, however, is not meant to be a substitute for data protection and security policies.
• Listen to the experts — make a list of outside partners that can be contacted when a data breach occurs. Engaging experts in legal counsel and resolution consulting can help businesses prepare to respond quickly and effectively after a breach, which may mitigate regulatory fines, lawsuits and reputational damage. These consequences could result in potentially significant financial losses.

Small businesses are increasingly targeted specifically because they don't have the resources of larger companies, raising their need to focus on data security. It could be the difference between a merry holiday season and losses that are difficult to overcome.

Additional data breach resources, Webinars, white papers and videos can be found at http://www.experian.com/databreach.

Read Experian's blog at http://www.experian.com/dbblog.

About Experian Data Breach Resolution
Experian^® is a leader in the data breach resolution industry and one of the first companies to develop products and services that address this critical issue. As an innovator in the field, Experian has a long-standing history of providing swift and effective data breach resolution for thousands of organizations, having serviced millions of affected consumers. For more information on the Experian Data Breach Resolution division at ConsumerInfo.com, Inc. and how it enables organizations to plan for and successfully mitigate data breach incidents, visit http://www.experian.com/databreach.

About Experian
Experian is the leading global information services company, providing data and analytical tools to clients around the world. The Group helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.

Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended March 31, 2013 was US$4.7 billion. Experian employs approximately 17,000 people in 40 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and São Paulo, Brazil.

For more information, visit http://www.experianplc.com.

Experian and the Experian marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein are the property of their respective owners.

¹"Protecting Small Businesses Against Emerging and Complex Cyber-Attacks," House Committee on Small Business, March 21, 2013.

²"Data at Rest is Data Risk," Javelin Strategy & Research, Oct. 29, 2013.

³"2013 Small Business Technology Survey," National Small Business Association, Sept. 17, 2013.

⁴"Cyber insurance adds to cyber security," Experian Data Breach Resolution, June 4, 2013.

SOURCE Experian