Cyber-criminals are moving down the food chain. As larger corporations spend millions of dollars enhancing their cyber-security, data thieves and phishing-scammers are increasingly targeting small to mid-size companies. These smaller businesses typically lack the financial resources of Fortune 500 companies; accordingly, the bad guys are setting their sights on these relatively easy targets.
Cyber-crime is now everybody's problem. Although it is impossible eliminate your company's risk of suffering a cyber-attack or data-breach, there are small steps every small business can take to minimize the risk of suffering a catastrophic breach. The easiest of these steps is to draft, implement, and follow a Data Breach Incident Response Plan.
A good Data Breach Incident Response Plan will include written instructions for your employees to follow in the event of a data breach. It should identify an Incident Response Team. Ideally, it will include sample notification letters for affected individuals, as well as notices to local, state, and federal authorities.
No one plan will fit every small business. Talk to your company's legal counsel, IT-provider, and insurance carrier about drafting and implementing a Data Breach Incident Response Plan before your company suffers its next data breach.