Protecting your business against data theft

With the data protection rules (GDPR) in force since 2018 and a number of high profile data breaches reported in the media recently, a lot of emphasis is being placed on cyber security and protecting your business from data theft.

When customers hand over personal data, they expect to be able to trust it is secure, which is why the new regulations highlight the need to obtain permission to hold information and to delete it when necessary.

Fortunately, there are measures that small businesses can put into place to ensure compliance without having to break the bank.

Here are our top tips for cyber security:-

1. System updates

One simple way of ensuring better data protection is to keep your computer systems up to date. Windows and MacOS updates usually require nothing more than the click of a button. Updates are issued very frequently as developers work continuously to close loopholes in their software products.

Web browsers will often update without your or your employers needing to do anything. Their position on the front line against threats originating from the internet means it’s more important than ever that security updates occur with as little user intervention as possible.

2. Antivirus products

Running an antivirus program provides additional protection to your operating system. Although the free versions of the software are tempting, it’s worth investing in a paid option to benefit from the extra protection this will give. With rules around data breaches becoming stricter and fines heavier, solutions costing less than £100 a year could save you a fortune in the long run.

3. Password security

Encouraging all staff to create strong passwords is a must. Many data security firms offer basic training on cyber security, and password creation is typically a part of this. Longer passwords that mix lower and upper case letters, numbers and special characters are preferable, and words connected to employees, such as a pet’s name or maiden name should be avoided. Many companies now have automatic password expiry procedures which require users to change their password every month or two and which won’t allow previous passwords to be re-used. It may well be worth having your IT consultant make this change for you as it ensures all users use secure passwords and change them often.

4. Email security

Basic training will also cover what to look for in an email that could be malicious. Making your team aware of the risks of clicking a suspicious link or opening an attachment when the sender is unknown is a simple yet crucial part of keeping data theft opportunities to a minimum. It’s also advisable to put a procedure in place for occasions when an employee reports – or accidentally clicks on – a suspicious email.

Attempted cyber attacks on SMEs may include email cloaking, phishing or malware – these are all fairly common nowadays and your staff should be provided with information about the type of attack and what each looks like so they can recognise a threat when it occurs.

5. Backing up and deleting data

All businesses should ensure that their data is backed up frequently so that in the event of an attack, the company cannot have their systems frozen and then be held to ransom. Additionally, when customer data is no longer current or a customer has withdrawn permission for their data to be held, it should be deleted from all systems.

If you wish to ensure that your systems are up to scratch the best way to do this is go through the Cyber Essentials process. You can find more details about this here

Need further advice on any of the topics being discussed? Get in touch and see how we can help.

    By submitting this form you agree to our Privacy notice and Terms and conditions.
    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

    Avatar for Jon Pryse-Jones
    About Jon Pryse-Jones

    Since joining THP in 1978, Jon Pryse-Jones has been hands on with every area of the business. Now specialising in strategy, business planning, and marketing, Jon remains at the forefront of the growth and development at THP.

    An ideas man, Jon enjoys getting the most out of all situations, “I act as a catalyst for creative people and encourage them to think outside the box,” he says, “and I’m not afraid of being confrontational. It often leads to a better result for THP and its clients.”

    Jon’s appreciation for THP extends to his fellow team members and the board.  “They really know how to run a successful business,” he says.  He’s keen on IT and systems development as critical to success, and he continues to guide THP to be at the cutting edge and effective.

    Join The Conversation
    ICAEW
    Cyber Essentials Plus certification
    Sign up for our Newsletter