The number of U.S. data breaches reported in 2021 increased dramatically over the preceding year. As reported by the Identity Theft Resource Center (ITRC), there were 1,291 data breaches between January 1, 2021 and September 30, 2021. The volume beat out the 1,108 breaches detected over the course of Full Year (FY) 2020. It’s therefore not surprising that data compromises year-to-date (YTD) were up 27% last year compared to FY 2020.

The Myth of “Too Small to Fall”

Looking at the above statistics, small- to mid-sized businesses (SMBs) might think they aren’t big enough to be caught in attackers’ crosshairs. But that’s not the case. SMBs suffer data breaches all the time. In its Data Breach Investigations Report (DBIR) 2021, for instance, Verizon Enterprise revealed that SMBs had suffered 263 data breaches in 2021. That was just slightly fewer than the 307 data breaches experienced by large organizations.

These findings raise an important question. What are some steps that small businesses should take in the event they suffer a data breach?

Understanding Breach Response

Breach responses typically focus on three main categories: containment, communication, and remediation.

Containment

The first thing to do is to take a deep breath and understand the scope of the breach. Was it an external party that notified you, or was it something you identified internally? Getting hit with ransomware is a little more of an abrupt notification than a third party reaching out and letting you know that your systems were compromised. 
 
Either way, the next thing to do, often in tandem with the first, is to notify your local law enforcement agency. Depending on the country and jurisdiction of your business, there are various data breach reporting laws that must be adhered to. As part of this, law enforcement