In our time over the last 30 years providing cybersecurity services to enterprises and small to medium organisations across Australia, we have seen many instances of how Data Loss Prevention (DLP) solutions have protected smaller organisations’ intellectual property and helped them achieve compliance for various data protection regulations.
A recent global study by Allianz Worldwide Partners (AWP) found that over half (56%) of Australian small businesses either don’t have adequate cybercrime prevention, or think that any damages from a cyberattack will be covered by their insurance.
Digital security issues threaten businesses of all sizes; while larger companies have more data to steal, smaller businesses often have less secure networks, meaning they can become quick and easy targets in the eyes of cybercriminals. Additionally, smaller businesses are usually attacked as the proxy third party in an attempt to break through to their supply chain, which services larger organisations.
The impact of a cyberattack or a severe data loss incident is felt higher in small to medium enterprises. A recent study released by the Australian Small Business and Family Enterprise Ombudsman found that 43% of cybercrimes target small businesses and that more than half of those companies go out of business within six months of the attack.
Besides risks stemming from outsiders, internal threats are also among the top cybersecurity concerns, whether they occur due to malicious intent, as a result of carelessness or because a lack of appropriate security controls - often viewed as non-core to smaller organisations. This is where majority of data loss comes from and is often only realised a significant period after the fact.
So how can small businesses protect themselves with a DLP solution?
Source Data Loss Prevention Software:
Consider data security holistically. Businesses will benefit the most if they have software that has both proactive and reactive DLP features. DLP software can reduce the mishandling of your data. These systems can identify sensitive data (such as customer credit card information) and help you manage who has access to it among your employees.
Buy Data Loss and Cyber Liability Insurance:
If you consider your data as an asset that is worth dollars, both to your continual operation and growth of the business, you may want to consider cyber insurance. The best defence is to put the right technology in place to keep customer data safe but also have a backup plan in place like insurance. Data breach and cyber liability insurance can be reasonably priced for small businesses and are usually quoted by the number of data sources you have both in on premise and cloud environments. Remember to look for an insurance provider that covers more than just loss of revenue.
Consult with a Cybersecurity Specialist to Put a Response Plan in Place:
Some of our most advanced customers in the SMB space have a designated action plan for each business unit in the event of a cybersecurity attack. Additionally, they’re customers of our managed cybersecurity service, which monitors operations and keeps a 24/7 look at their environment. Ensuring that your employees are engaged with the plans and aware that they are often the biggest source of data loss will increase adoption of the policies and plans. Auditing your environment on a monthly basis for security vulnerabilities is vital and can be outsourced to cybersecurity professional services for a standard monthly fee.
Comply with Regulations:
Just like large enterprises, small or mid-size business need to comply with different national, international and industry regulations, like the Notifiable Data Breaches scheme.
DLP technologies can help SMBs meet compliance by identifying, monitoring, and protecting confidential information, something that makes compliance easier to maintain.
Reduce Mobile Threats:
The rise of Bring Your Own Device culture and remote working opportunities present a number of challenges from a security perspective for SMBs. Being mobile can make it more likely a device is lost or stolen. It can also increase the likelihood of the company’s sensitive data being copied or taken without HQ’s knowledge.
Various DLP solutions can prevent employees and contractors from intentionally or unintentionally leaking data from organisations of any size. They can also provide access without leaving sensitive data vulnerable, as well as track when data is transferred to USB devices.
While traditional DLP might be seen as too complex and difficult a solution to implement for SMBs, a number of DLP software options these days have modular features that can be combined and matched to the company’s needs. Additionally, cybersecurity consultancies like Loop Secure offer cybersecurity managed services which encompasses active DLP implementation and environment monitoring tailored to small to medium enterprises, therefore allowing full access to cybersecurity technology and expertise.
To download our latest DLP Buyer's Guide in partnership with Digital Guardian, please download here: