Eric Schou
Group Product Marketing Manager Eric Schou is a group product marketing manager at McAfee. He is currently a ...
Every week we see similar stories permeating the news – large enterprises falling victim to data breaches and finding themselves at the mercy of hackers looking to access and exploit sensitive customer data for personal or monetary gain. The impact of just one of these events can be devastating; for large enterprises, the short-term effect of a tarnished reputation and the costs of remediation can be significant. For SMBs, however, a single breach can completely destroy the business as liabilities and lost customer trust take a greater bite out of income.
Small and medium-sized businesses are subject to security, risk and regulatory requirements similar to those of their larger counterparts. However, SMBs must often rely on a much smaller staff, and on limited resources and technology, to manage these requirements effectively.
For SMBs, implementing a comprehensive security strategy might seem like a daunting task. By following these simple steps as part of an overall security strategy, SMBs can realize more effective data protection, lower their risk exposure, and more effectively comply with policies and regulations.
1. Conduct a Candid Data Quality Assessment
SMBs should review the meaning, quality and timeliness of the data stored in sensitive areas, such as those that contain regulated information or intellectual property. The assessment will identify which databases may need additional security protocols and identify vulnerabilities that could serve as a gateway for hackers in the future.
2. Create a Detailed Description of all Data Touch Points
Mapping who contributes to the relevant data stores, which applications use them, and their business purpose is essential to creating effective application access security roles – a crucial step in ensuring data security. As SMBs better understand how their applications interact with their data overall, they will be able to use this information to develop more effective procedures to protect the accuracy of data at the point where it is entered.
3. Conduct Periodic System Reviews
As new applications are deployed within an organization, it is critical to ensure that they have not introduced new vulnerabilities. In particular, SMBs moving toward inexpensive cloud applications (e.g., online backup services), where sensitive data is stored outside the business’s firewall, will need to weigh the economic benefits of deploying databases in the cloud against the risks of placing sensitive data in the hands of third parties.
4. Develop Comprehensive and Specific Security Policies
A key part of a security vendor’s ‘Value Add’ is the vast experience and wide exposure to best practices attained through customer deployments. With this in mind, SMBs should look for a security vendor with specific industry expertise and an extensive client roster in their vertical market (e.g., retail, financial services, pharmaceutical and education).
5. Deploy Comprehensive Solutions
Like a large enterprise, an SMB must deliver a complete security solution in order to appropriately protect customer and company data wherever it resides. A comprehensive approach to security must include three key features: 1) The solution is scalable and can grow as the business expands, yet remains cost-effective; 2) It should be easy to implement and able to be deployed and maintained with minimal time and resource investment; 3) The solution should simply and reliably support all areas where sensitive data resides, including the database layer. Database activity monitoring, coupled with vulnerability management for databases, gives SMBs a holistic view of their security posture, helps further mitigate risk, and can reduce the likelihood of a damaging breach.
Tags: data breach, enterprise, risk, security, SMB