Has Your Company Devised A Data Breach Protection Plan? Here's What You Need To Know


Companies around the world meet at various times throughout the year to discuss their business goals and investment priorities, with increasing revenue, diversifying their service offering and hiring new talent being just a few common examples. However, one area that is often overlooked amongst small businesses is the security of confidential data. Has your company devised a data breach protection plan? Here's what you need to know:


SMEs often assume that their relatively smaller operations, when compared to the scope of multinational organisations, make them less of a target for hackers and thieves, when in fact their lack of resource could make them particularly vulnerable to damaging data breaches.

A recent report conducted by the Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC) found that 42% of small businesses have experienced a cyber attack in the last year alone. More concerningly, while 68% of respondents suggested that having a data breach protection plan was a high priority, only 35% were found to have staff in place whose job role included internet security or governance.

Given these statistics, it seems that SMEs can no longer afford to neglect storing, using and disposing of their sensitive information securely. Here are three essential steps to achieve this:

1. Store and dispose of paper documents securely

Although the security risk that paper documents carry is often overlooked, a report published by the ICO in 2016 showed that 40% of all data security incidents were related to paperwork. Meeting notes, tax information and even employee data are all regularly printed and left unsupervised on desks or in unlocked storage cabinets, free for ill-intentioned third parties to steal and use at a business’ expense.

Moreover, employees often assume that throwing old documents into bins is enough to dispose of the data securely, as the waste is collected regularly and sent away for recycling or to the landfill. However, thieves, or even potential competitors, are well aware of these insecure practices and often target bins as a means to obtain copies of customer invoices, payroll records and confidential financial statements, which they use to commit identity theft, steal ideas and carry out other fraudulent activities.

With this in mind, small businesses could introduce a clean desk policy to avoid a physical data breach. A clean desk policy is a rule that requires employees to declutter their workspaces at the end of each day to hide documents from third parties. Employees can decide to store their documents in a secure location on-site, store them in an external document storage facility, or dispose of them by shredding. Many already choose to hire document disposal companies for this purpose, as their cutting-edge machines ensure a level of destruction common office shredders cannot provide.


2. Think like a hacker

Perhaps the most important feature of a data breach protection plan is cybersecurity. A recent report by DLA Piper found that 59,000 data breaches have been reported across European companies over the last eight months, equating to one every five minutes. While many of the victims were larger corporations, SMEs were also targeted as their lack of expertise left them vulnerable to hacks.

However, small businesses can still protect themselves online by following a particular approach - thinking like a hacker. By putting themselves in the shoes of their attacker, companies can predict potential ways their data could be compromised and take necessary precautions to prevent it.

For example, hiring cybersecurity experts to perform penetration testing on your company servers and databases will alleviate the risk of your data being stolen. This involves launching a simulated attack on a computer system to find potential weaknesses so that they can be fixed, and if done correctly, it can close off your network from hackers. Although it might strain the budget of some SMEs, the financial and reputational damage of a data breach could be far worse.

3. Accommodate for human error

While small businesses can design and execute the perfect data breach protection plan, there will always be one weak link - their employees. Human error is inevitable, and there will always be situations where a member of staff could put the company at risk. Nevertheless, steps can be taken to reduce the risk of human error playing a part in a data breach.

Training staff in cybersecurity best practices is essential. While the example needs to be set by those at the top, everyone should be made responsible for protecting the business from those who would want to do it harm. There are eLearning training sessions available that cover online and offline security, while industry experts could also be invited to take part in Q&A sessions. Whatever route you choose, it’s important to regularly train and test your employees to keep their knowledge up to date.

For instance, staff should be made aware of common hacking risks, such as using a public WiFi network when working remotely. Competent hackers can use open networks to send out malware and gain access to a company’s software to steal confidential information, which they can later use to blackmail either the individual or the company itself. Incorporating a comprehensive cybersecurity training schedule within a data breach protection plan is therefore crucial to mitigate the risk of easily avoided mistakes.


Key takeaways

Small businesses have plenty to offer, and the value of their services makes them a target for thieves and hackers. SMEs are especially prone to these attacks due to a lack of finances or a sense of complacency, yet they can no longer afford to neglect preparing for the worst. By introducing a mixture of physical and cybersecurity best practices, as well as communicating the new procedures across the team, businesses of all shapes and sizes can prevent a data breach.

Sunday, 17 November 2019