Tsahy Shapsa

The bigger you are, the closer you're watched. That's why companies like Apple and Google are constantly under a microscope, facing governmental scrutiny and legal challenges when it comes to customer data. Many other companies, including TJX, the parent of T.J.Maxx, have had to apologize to customers for data protection failures.

How can small businesses ensure they'll stay out of data security trouble? Use a large external vendor, like Google Apps, benefitting from that larger vendor's security and data protection practices.

Google might be under the gun for some of its Google Buzz and Google Earth practices, but the company has a big stake in the game. They are investing a lot of resources into securing their operation and making sure they comply with data privacy laws. Even a small company that grows its IT department to 10 people can have the best those 10 people can offer -- or by using a large vendor, get the same security technology that protects some of the largest companies in the world.

Security Is in Your Employees' Hands

Avoiding data breaches is not only a matter of securing the data against cyber threats. At the end of the day, it's employees who put data into applications, so your business is responsible for making sure they're handling that data properly and adhering to the company's privacy policies. It's not enough to make sure every employee has signed a copy of the policy; privacy policies are typically 10 pages long, and there's no way to be sure all employees will follow all those rules all the time. You have to assume that people will mishandle data, most of the time through innocent mistakes. You have to be prepared when that happens.

Have a Data Breach Plan

The first step is to put tools in place that will alert you whenever there is a potential data breach. That way, you have a much better chance of preventing or reducing data actually leaking into the wrong hands. Whenever there is a breach, make sure employees know about the incident and what caused it, and reinforce the message about best data-protection practices.

In some cases, you might need to alert your customers as well, depending on the type of data breach. That will depend on the specific agreement you have with customers, and it's something you should think about before any kind of breach ever happens. You should be proactive and put in writing what your response will be in case of such an incident.

Think Like the Big Guys

Today's business world is becoming flat, where small companies can act big and operate across state lines or globally. That brings big responsibility and can lead to big liabilities. It can be a meaningful challenge for many small businesses.