Think hacks and data breaches are dangers exclusive to large enterprises? You're not alone, but you're also not correct. In fact, SMEs often have more to lose than large enterprises. SMEs have fewer resources to cope with the aftermath of a breach and less of a business safety net. To see these facts in action, take a look at what's happening to Lime Crime, the indie vegan makeup company currently suffering severe brand damage thanks to a data breach that has turned many of its customers into identity theft victims.
The Lime Crime data breach first surfaced in the fall of 2014, but the outcry only began to gain steam earlier this February, when a member of Reddit's 230,000-subscriber makeup hobbyist community voiced concerns about fraudulent charges made after buying products from the Lime Crime website. Other members chimed in with similar experiences. A pattern quickly emerged, until it became clear that Lime Crime had suffered a breach, and its customers were suffering the consequences.
More damningly for Lime Crime, post-purchase identity theft wasn't the only pattern to emerge. Lime Crime customers began to notice the company deleting its social media posts when customers commented on them with complaints about the breach. By the time Lime Crime made a public statement addressing the breach, the harm to the brand had already been done. Customers and social media followers pointed out that the company had most likely been aware of the breach since October 2014. Finally, the breach and the company's response to it opened the floodgates for angry customers to voice other complaints about Lime Crime, ranging from product quality and formulation to the company's business practices and the public persona of its founder, "Doe Deere."
All in all, the brand damage for the company, which is sold in a small number of retail outlets but relies on its fans online for free social media and viral marketing, looks significant.
There are lessons here for other small and niche enterprises to keep in mind. The first and most obvious lesson, of course, is that no one is safe. News coverage of data breaches may make it seem as if only well-known global corporations get hacked, but the truth is that any business that handles sensitive information can become a target. The second lesson is that every organization needs a response plan ready, should the worst happen. When it comes to customer trust, Lime Crime most likely lost more goodwill thanks to its slow public response and lack of transparency than it did by falling victim to a data breach in the first place.
Indeed, many more customers are pointing the finger of blame at Lime Crime itself than at the cybercriminals who hacked the company. For small and niche businesses that do most of their business online, positive word of mouth is essential. A preventable data breach—some are suggesting that Lime Crime was using an expired SSL certificate—and poor response after the fact are powerful ways to turn positive customer conversations into negative ones.
Don't let your business become a worst-case scenario when it comes to data security. No matter how few or how many transactions your systems handle a day, you need the appropriate security infrastructure to protect your company's sensitive data, and you need a plan to handle incidents if they occur. In the absence of these preparations, your brand is risking data breach disaster.
Photo courtesy of Shutterstock.