Writing for IBM Midsize Insider, Christopher Burgess speaks to the downside of data loss for small to medium businesses.
Preferred business practices dictate cybersecurity, but data protection methodologies are a requirement for endpoint devices that contain customer data to protect against the possibility of a data breach or data loss. Customer data is among the most precious of all data within a company, especially if that data contains personally identifiable information (PII). Unfortunately, a substantial number of small to medium businesses (SMBs) in the United States, approximately 14 percent, have chosen not to implement any security measures, and only 9 percent use endpoint security techniques, according to a recent “Small Business Cyber Security Survey” by McAfee and Office Depot. With numbers such as these, it should come as no surprise that a great many SMBs are ripe for a data breach.
Protect the Endpoint
More often than not, endpoint security solutions are viewed as a luxury, an unnecessary operational expense by SMBs. Of course, it is unnecessary until the price of losing customer data is calculated. The situation is analogous to a fisherman setting out to sea without an individual flotation device. At sea without a life jacket? It should never happen. Yet the McAfee and Office Depot survey indicates that 91 percent of SMB companies surveyed are doing just that with respect to protecting company data on endpoint devices. SMBs are rolling the dice in the hope that the device will not be compromised or lost.
The risk posed by allowing unprotected endpoint devices within the SMB becomes an actual threat when any of those devices goes missing, be it due to theft, accident or carelessness. When a device goes missing, a fundamental breach of the company’s security occurs, and if customers’ PII is stored on the device in an unprotected manner, a material breach has also taken place. It is instructive to consider the incident that compromised over 9,000 Milwaukee city employees, according to the Journal Sentinel. A flash drive containing the names, addresses, dates of birth and social security numbers of approximately 6,000 employees and 3,000 spouses and domestic partners was lost when the automobile of an employee of a city vendor was stolen. The affected individuals are now faced with the very real threat of identity theft, and the city and its vendor with the unexpected cost of the post-breach notification and operational adjustments.
The cost to IT of protecting the endpoint would have been negligible in comparison with the cost of the data breach. This leaves every SMB with a clear path to follow: If company or customer data is to be allowed on endpoint devices, then the company’s investment to protect that data is a necessity. The IT department’s investment in the security solution preserves not only the data but also the reputation of the company and its brand. If a protected device goes missing, it is not a data breach; it is a loss of a device that contains protected data.
Every business, regardless of size, has company data, some of which may include customer data. Regardless of whether the company issues the smartphone, laptop or other device to an employee or the company has embraced bring-your-own-device (BYOD), preferred IT security practice requires the protection of endpoint devices.