How Small Businesses Can Protect Themselves Against Data Breaches


Cyber security is an ever-growing concern for small businesses, particularly given that 58% of malware attack victims fall in the small business category. Unfortunately, protecting oneself against these threats without the benefit of a large security budget or a dedicated IT team can pose a significant challenge. Here's how small businesses can protect themselves against data breaches:


Recent regulatory changes brought on by GDPR add even more challenges and opportunities to the area of small business cyber security, specifically around data security. With the increased scrutiny around how companies use and protect personal data brought on by GDPR, the topic of protection against data breaches is even more pressing for small businesses.

A Good Time for Small Businesses to Review Data Security

While Article 30 of GDPR technically reduces many of the compliance requirements for enterprises employing fewer than 250 employees, there are several exceptions which can be open to interpretation given the lack of precedent with these new regulations. This means that whether these requirements apply to a small business or not can be difficult to determine, and the safe bet would be to try to meet the GDPR regulations regardless of the size of the business.

Given that GDPR is here to stay, and that the regulations could apply to businesses of any size, it’s a good time for small businesses to review data security. Sometimes the external pressure of new regulations is just what a business needs in order to prioritize, so businesses could rightly view GDPR as a blessing in disguise.  

So what can small businesses do to protect themselves from data breaches and ensure that customer data is handled in compliance with GDPR? Luckily, there are several relatively simple tips in three important data security areas which will set them on the right path without investing an unrealistic amount of resources.


Get Help to Secure Internal Communications

With human error the leading cause of data breaches, it’s important that businesses take steps to ensure that data security procedures are straightforward and simple to follow. In fact, the “integrity and confidentiality principle” in GDPR states that businesses must have data protection measures in place for all data in their possession or face potentially crippling fines.

One approach is to use a secure internal team communication tool, many of which are priced based on the size of the company and therefore can be affordable for small businesses. Many of the companies in the team communication field have already updated their products to ensure that businesses of any size can more easily meet GDPR data security requirements.

One such option is Brosix, which specializes in providing teams with secure private internal communication networks. All communication on these networks is fully encrypted, and the networks themselves are also fully administrable by the small business itself. Network administrators can decide who can communicate with whom. This eliminates the chance of employees accidentally sending data to the wrong person and creates clear data ownership, key components of data security.  


Employee Training

Unfortunately, it’s not enough to simply create procedures for data protection, or enlist the help of a secure communication tool. Small businesses must take the time to ensure that their employees are well trained in how and why to use them. This may seem obvious, and yet the field of employee training against cyber security threats is an often neglected area, with many trainings carried out pro forma.

It’s important to explain the reason underpinning any new training. Without a strong connection to the “why” behind any new policy or procedure, learnings from trainings are less likely to be lasting. This is best done by learning through real life cases, which can help highlight the potential dangers that businesses face. Potential topics to include are: 

  • How to spot a phishing email
  • How to react in case of a data breach
  • How to use the business’ preferred internal communication tool and malware protection
  • Rules around device usage

There are many more topics that could, and should, be covered in any good employee training program. While small businesses may not have the luxury of a dedicated training team, they can certainly rely on the enthusiasm of employees. Designing and leading trainings is an important skill to develop, and can be the perfect stretch goal for employees.

Keep Track of Personal Devices

While some small and medium businesses may have the resources to provide work devices (smart phones, laptops, etc.), others likely rely on employees at least occasionally using their own devices in order to access data, aka BYOD or ‘Bring Your Own Device.’ This could leave the business vulnerable to data leaks and breaches, particularly if it’s unclear what level of protection employees have installed on their devices. Simply put, the more devices on a network, the bigger the risk of a data breach.

In order to protect themselves, small businesses should set clear policies around the use of personal devices. Such policies could include limiting the sensitive data accessible on these devices, installing the business’s agreed-upon cyber security program, and ensuring that employees keep their devices updated. Establishing these policies limits the risk of data breaches or accidental leaks, without removing the cost savings of BYOD.

Final Thoughts

Protecting data and meeting data compliance requirements can seem like a challenge for small businesses, but there are some relatively simple steps that they can take. While many in the sector are still grappling with the new requirements brought on by GDPR, others are rightfully viewing this as an opportunity for a much-needed revamp of their data handling, processing and overall security. While there is no one-off solution that will work for all small businesses all of the time, beginning and continuing the conversation within an organization is certainly the right first step.

Over to you now. What steps have you taken to protect your small business from data breaches? Tell us in the comments below.

Monday, 16 December 2019