author photo
By Bruce Sussman
Tue | Apr 9, 2019 | 4:15 AM PDT

Oregon Endodontic Group is like a lot of small businesses. It is successful, it is busy, and it is focused on taking care of customers.

Then, quite suddenly, it gets punched in the mouth by a data breach.

Small business cybersecurity suddenly takes on a new meaning.

Breach notification

Oregon Endodontics had to explain its small business data breach in a letter to patients. Here are a few excerpts:

"Oregon Endodontic Group discovered suspicious activity in the company's email account... the investigation revealed that that malware was downloaded to the company's front office computer.

This malware has the ability to exfiltrate [that is, remove] data from emails... the account contained protected health information of certain current and former patients."

Here is the small business breach notification letter; click to expand:

dental breach letter (2)

Costs of a small business data breach

From a business perspective, the dentistry group suddenly faces:

  • possible damage to its reputation
  • expense from hiring a forensic specialist, notification, and setting up a dedicated phone line to answer questions
  • potential litigation

As a small business, how can you minimize your risk of this happening to you? And where should you start?

Here are some ideas from cyber experts.

Small business cybersecurity, 5 free resources

  1. NIST, the National Institute of Standards and Technology, was recently ordered by Congress to help small businesses with cybersecurity. We are big fans of the NIST SMB Cybersecurity Roadmap, and the Small Business Cybersecurity Corner has a lot of helpful information.
  2. The Small Business Administration has created a list of Top 10 Cybersecurity Tips worth checking out. 
  3. The Department of Homeland Security has created a printable Small Business Cybersecurity Tip Card, which is in plain English and jargon-free.
  4. The Federal Communications Commission has created 10 Cybersecurity Tips for Small Business, which is more in-depth than the DHS card and is also easily printable. 
  5. Lastly, SecureWorld resources: We offer complimentary cybersecurity web conferences for organizations of any size, led by information security experts. And attend your regional SecureWorld conference to hear strategies that larger companies and leaders are using to improve cybersecurity.
These small business cybersecurity tips may be too late for Oregon Endodontic Group.

However, they can help your organization take steps to reduce cyber risk.