Last week we talked about SCA-compliance. Today we get into the nitty gritty of data protection for small business.

Brace yourself! It can be a tricky world to dive in, especially when you are a first-time business owner. 

However, due to the steady increase of cyber-crime over recent years, it’s crucial that businesses protect themselves against the potential loss of data and money. 

What is cybercrime?

Cybercrime consists of a series of criminal activities aimed at breaching a company’s computer security. The phenomenon poses a serious threat to consumers and businesses alike exposing them to multiple risks. 

According to the BBC, cyber-crime victims are losing £190,000 a day in the UK alone.

An electronic break into your system might result in the loss of financial information of your business or your customers. It might also deny service to your company website or install a virus that will monitor your future online activity.

Cybercrime doesn’t threaten only big companies but it targets small businesses as well. 

Actually, small business owners represent the perfect prey. In the frenzy of getting their company “out there”, they easily forget about data protection and focus mostly on gaining traffic and attention.

Being quite small comes with perceived omnipotence. “Who’s gonna come after me?”, business owners might think. 

This is the reason why small companies are often way less prepared when hackers try to extract data from their information systems. 

Don’t worry, though, InvoiceBerry has your back! Follow this guide to get all the best tips to protect your business from falling prey to cyber-crime.

Backup your data protection efforts

Let’s start from the very beginning, that is the information held and received by your company.

Business data shouldn’t be kept on one device alone, be it a laptop, tablet or phone. What if it gets stolen or it breaks? What are your plans in case your information system is hacked and your data leaked?

Companies need to backup everything on a weekly basis; it’s the best and quickest way to overcome system failures, physical damage or cybercrime. 

Unfortunately, paper copies are not an adequate option; they’re too easy to damage in the event of fires or flooding, for instance. 

The best way to protect your business is to create a backup and store it separately from your main devices. You could use a cloud storage service or an external hard drive.

Never heard of the cloud or maybe just a tad confused about it? Have a read here to understand it fully.

Digitalise your paper documents

If you hold physical documents pertaining to your business, they need to be protected from any possible damage.

Avoid losing data by digitalising and including your paper documents in your weekly backups. This way, you’ll be safe against floods, fires, theft, etc. 

You can use portable scanners or, if your smartphone has a good enough camera, there are plenty of apps that work as a document scanner.

Be careful with sensitive information

When sharing personal details, you need to be extremely careful. Make sure the receiving end is reliable and that you have the permission to send the data.

What do we mean by “personal information”? It can encompass anything ranging from a name, address, health details, salary, etc.

According to the General Data Protection Regulation (GDPR), “personal data” is any information from which a person can be identified or potentially identified from (surnames and nicknames included).

It’s worth it to invest in measures like switching to dedicated server and updating your data protection and encryption. Really and truly you can never be too careful when it comes to protecting your data and information, in fact companies of all sizes also use online data rooms to share sensitive documentation, for added security.

Plan, plan, plan and… plan some more!

The worst thing about a cybercrime emergency or any kind of damage to your systems is their abruptness.

Although you can’t obviously schedule such an emergency, you can surely plan its potential solutions ahead of time. What will you do, for instance, if your system gets hacked? 

Prepare all your employees for the worst, distribute clear tasks to everybody and make sure their emergency-related knowledge is refreshed at least once a year. 

And we get that cyber attacks sound scary, but avoid the urge to rush to set up a plan which is not well thought out just because of fear.

Take your time to lay out the business’ strengths and weaknesses. Once you’ve weighed all aspects, you can proceed to make a decision and create your own data protection policy (see below). 

Beef up your password game

Carrying out transactions, sending documents and generally managing customers’ data protection can be done safely by taking a preliminary measure: strong passwords. 

What makes a password strong, though? The best passwords are both complex but easy to remember. Here you can find some guidelines to set the perfect password.

Don’t:

• use your name/surname/username;
• go for “1234…”;
• choose the word “password” as a password;
• use personal information;
• set it to “iloveyou”.

Do:

• avoid common passwords;
• create a password of, at least, 8 characters;
• use both letters (upper and lower case) and symbols;
• choose different passwords for separate platforms.

Keeping track of all your passwords can be a little overwhelming, so why not use a password manager? 

Install a firewall and an antivirus software

No cybersecurity plan is complete without a firewall and an antivirus, as they are the essential mechanisms to protect your systems. 

What’s the difference between them? 

Firewalls and antiviruses work on different kinds of threats. In fact, while the first work as a barrier for the incoming traffic to the system, the latter are a protection against the internal attacks like malicious files etc.

In regards to firewalls, computers are usually provided with a pre-installed internal firewall. However, the safest way to go is to install an external one as well.

Why don’t you suggest your employees do the same, especially those working from home? After all, better safe than sorry!

Use a VPN to protect your internet privacy

A VPN (virtual private network) uses encryption technologies to make a virtual encrypted “tunnel” between your device and a VPN server. 

This means that no one can see where you’re going or what you’re doing while your traffic is in this tunnel between you and a VPN server.

VPNs are particularly useful when you’re working in public spaces and using public Wi-Fi connections. They will give you complete online privacy and won’t allow your data to be stolen.

Draw up a Data Security Policy

Once you’ve gone through all the above-mentioned tips, the next step is forming a data security policy. This will enable the safeguarding of information belonging to your company.

By printing out or distributing a data security policy, you’ll give your employees the chance of having a point of reference in case of emergency. Actually, it can be used as the perfect tool to carry out our last suggestion: education.

Promote digital education

If you’re looking to prevent any data security failure, you want your employees to be as informed as possible. 

Everyone needs to understand the importance of data security protocols, therefore, your policy on the matter needs to be as accessible as possible.

Send it to your employees and run a few workshops to thoroughly explain how it works. You’ll see the results!

Conclusion

Improper information sharing, data transfer, damage to the property or assets, and breaching of network security are just a few of the many threats that can harm your business. 

However, with just a little help from our security guide, your company and your customers will be safe and sound. Ready to plan your data security policy?