The security of one's own personally identifiable data is quickly becoming one of consumers' top concerns when deciding whether or not to conduct business with an organization. The knowledge of previous data breaches with other, larger, organizations leave consumers with an unfortunate feeling that their selected vendors are unable to ensure the protection that they request and deserve. In some cases, consumers have left long-time relationships with such hopes that the next selection is more capable of sustaining the integrity of their customer databases.
As one who often deals with small businesses in the field, I have noticed a similarity amongst them, which indicates that the notion of Cyber-Security is one that is often overlooked or disregarded. Unfortunately, one of the more common reasons revolves around ignorance. Some business owners simply do not understand what cyber-security is and how it would benefit their organization. Some are even unaware that a responsibility to protect their customers' data exists.
The Causes for Concern in an Internet Age
In this era, it is extremely unlikely for any business to conduct transactions or market themselves without some sort of Internet presence. In many traditional settings, this may include a website, e-mail, and/or a database. Despite what some business owners may believe, each of these requires protection. Websites are hacked, e-mail accounts are compromised, and databases are breached and exported. There is no sure way to count or measure the number of methods that may be used by black-hat hackers (the bad guys) to attack an organization. This, of course, makes it much more difficult to protect their data without proper expertise and capital.
There is often a lot of responsibility placed upon the website/database or e-mail providers when it comes to data protection. However, if your best friend loaned his vehicle to you, how likely are you to let a stranger drive it? Moreover, what happens when the vehicle is returned with damage? Who would your friend blame? You (who the vehicle was entrusted to) or the stranger? But yet, this is essentially what many small businesses are doing to their customers. Security is commonly associated with costs or expenses. I consider this a failed relation simply because if this investment is not made, it is more likely for true costs to be incurred. Current Louisiana government regulations state that businesses may be subject to penalties of up to $5,000 per violation if affected parties are not notified within 10 days after the incident has been officially declared. There, of course, are other similar regulations that are being enforced throughout the nation.
It is because of this I conclude that small businesses should be more inclined to make these investments. Corporations such as Target, Sony, and Wal-Mart are more capable of resolving their penalties, and can even afford to lose a few skeptical consumers. Small businesses are not so fortunate. Therefore, the protection of customer and employee data should be one of the highest priorities for the organization. You wouldn't leave your credit card numbers in the open for the world to see, neither should you do so with your customers'.