Data Breaches Happen to SMBs Too. Often Because of Human Error

By David Wagner

It’s dangerous to assume that data breaches and email hacks happen exclusively to big corporations. Small businesses are just as vulnerable to cybersecurity attacks, and data breaches are not something to be taken lightly. In addition to the loss of customer and partner trust and information, data breaches cost businesses $4 million on average, according to a recent IBM study.

Unfortunately, in many data breach cases, human error is often the culprit. Small business employees oftentimes unknowingly put themselves and their sensitive data in harm’s way because they are unaware of the risks and the proper preventative security measures to take.

With Data Privacy Day quickly approaching on January 28, now is a great time for small businesses to take a close look at their corporate cybersecurity strategies and make any updates necessary. Here’s some advice for small businesses looking to safeguard their company, especially from the threats that their employees unsuspectingly pose.

Invest in employee education and training

All employees need to have strong passwords protecting their devices, cellphones and laptops included. Also, employers should encourage employees to only use Wi-Fi networks they are familiar with to avoid an information sharing mishap. Consider signing up for a security webinar or training session, so all employees can get up-to-speed on simple ways to protect themselves from a data breach.

Continually conduct internal testing

Knowing that phishing and social engineering are some of the biggest threats to companies, make sure you are conducting internal penetration testing. If you have a wave of new employees start, it would be worth testing them out after they have gone through some basic cybersecurity training to illustrate the threat and help them recognize any security issues.

Set up safeguards, such as Data Loss Prevention (DLP) technology, to protect employees from themselves

You can set up software that will scan outbound mail for possible red flags. If there’s a cause for concern, the software will quarantine the message and check in with the administrator to confirm they want this information delivered. That way, employers and employees can rest easy knowing sensitive information — like addresses, credit card information, etc. — is safe.

Create a system where securely transferring data does not take extra steps

To ensure your employees adopt data-protecting habits, you’ll want to make it as easy for them as possible. Consider a solution that works seamlessly with your company’s current devices and policies, so your employees can spend their time growing the business, instead of risking it.

Protect all devices that are used for work

Any device that workers use to conduct business should be password-protected. Whether it’s a cell phone, the company laptop or a personal tablet, all devices that have access to an employee’s email account and work documents should be, at minimum, restricted through some sort of password, thumb print, lock code, etc. It’s easy to misplace devices while traveling or on-the-go, so a strong, unique password is one more step a thief will have to crack to gain access to the sensitive information stored on the device.

It may come as a surprise to most small business owners that employees pose an unsuspecting cybersecurity threat, but there are simple steps owners can take to prevent an accidental data leak. With the right education, strategies and safeguards in place, your small business can help keep your company’s sensitive information from landing in the hands of a criminal.


About David Wagner

David Wagner is President and CEO of ZixCorp, the world’s leading email encryption provider. He is also a member of ZixCorp's Board of Directors. Prior to his role at ZixCorp, Mr. Wagner held leadership roles at Entrust for 20 years.

More About David