Why SMEs Need Data-Centric Security In 2015 & Beyond

Media Division | May 8, 2015

Big data is the rage these days, which leads to the question: how big it can be for SMEs – and it might help if they know how to secure all the data they’re collecting.

Traditionally, SMEs secure systems, networks, data centers, and devices. However, in a consumer-centric world where technologies like cloud computing and practices like BYOD are leading the way, traditional security practices are not enough, and the data itself must be secured.

Many SMEs neglect the importance of establishing appropriate rules and policies for data protection as they collect and store sensitive customer data. It’s more important than ever to adopt a different approach and come up with solutions to keep sensitive data secure within corporate systems.

Data breaches against SMEs on the rise

A study published by Shred-it revealed that SMEs are not taking enough care to protect sensitive data. Also, they are ten times less likely to adopt a security system that focuses on data protection than large firms. This is worrying as cyber criminals are planning a greater number of attacks to steal data from SMEs than ever before.

According to Data Breach statistics, 71 percent security breaches target small businesses. One interesting reason for this case is that businesses of such sizes provide multiple services to larger companies such as Target and Neiman Marcus, and therefore store data that can be used to conduct large-scale attacks. Stolen data is sold on the black market for millions of dollars.

For SMEs, data breaches don’t only mean loss of reputation and potential lawsuits – they could lead to bankruptcy and business closure. Many small and medium-sized businesses underestimate the cost of data breaches; here’s a short breakdown of what could be in store:

  • Notify customers: Most countries have passed laws which require SMEs to notify customers if hackers have breached their information; depending on the number of customers a business has, the entire process can cost thousands of dollars. An example is the University of North Carolina that had to send notification letters of about 6,000 records at a cost of $32,000.
  • Credit monitoring: SMEs have to offer credit monitoring services to affected customers. This can go up to a year of counseling or credit monitoring services, costing you thousands of dollars. In the above-mentioned example, the educational institute suffered $22,609 in credit monitoring expenses.
  • Card replacement expenses: When you suffer a data breach, you would have to pay the expenses of reissuing credit and debit cards to customers whose data was compromised. The fee for each card can range from $3 to $10, and depending on the number of customers, the costs can significantly add up.

Data-centric security is the solution

Data-centric security solutions are geared towards protection of data rather than devices at endpoints, but they should be integrated without any disruption to the IT, employee and user workflows. The best way to integrate data-centric security is to automate processes involving administrative controls and encryption of data with contingency keys.

Also, CSOs should make an effort to build a clear infrastructure that demonstrates what data is being passed between external and remote sites, as well as how that data flows within the organization. This will help determine who is moving the data, and by placing a monitoring solution, SMEs can quickly detect cyber threats.

Massive’s Strixus Global is also an option for SMEs. The solution aids in data loss detection by helping organizations to secure information outside of ‘castle walls’ in addition to securing the parameters. Real-time tracking and alerts help the IT department stay on top of cyber attacks that aim to steal data.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.