Risk Management Bulletin

10 Data Security Practices for Your Small Business

August 1, 2016

Your customers and clients rely on you to keep their data secure. If you don’t, their identities, credit cards and other information could be stolen, and you could be sued. You can achieve data security in your small business by taking these 10 steps.

  1. Perform a Security Audit

    The type and amount of data you store and the equipment that data is stored on affect the security system you implement. Evaluate your needs before you implement a security system.

  2. Know Your Industry’s Regulations

    All data needs to be protected, but different industries have different regulations. Research the guidelines so you can follow the law.

  3. Store Only Essential Data

    When possible, err on the side of keeping less data. It’s better to delete information and have to ask for it later than to store it and risk a breach.

  4. Store Customer Data Separately

    Keep your customer data and business information stored on separate networks. For safety, restrict access to the sensitive customer information.

  5. Improve Your Security

    Strong passwords, two-step authentication when accessing systems, pass codes on your firewalls and encryption are four ways to improve your security.

  6. Clean Your Computers

    Update and run antivirus and anti-malware software regularly, properly patch software, turn on system logs and archive them monthly, immediately deactivate former employees’ access, allow remote access only through a secure VPN and don’t use Wi-Fi. To keep your computers clean, you should also follow a written policy that outlines how and when to clean or destroy hard drives, USB memory sticks, CDs and DVDs.

  7. Use a Shredder

    Instead of tossing sensitive documents in the trash, shred them. Use a cross-cut shredder for best results.

  8. Turn Off Machines

    You probably log out of your computers at night, but remember to turn off copiers and printers, too. If they’re connected to the internet, the sensitive data stored on their internal hard drives could be compromised.

  9. Train Employees

    All of your employees should know how to guard data and how to protect their equipment, including mobile phones and portable storage devices. They should never store credit card information, open suspicious emails or store important data anywhere except the company’s cloud-based storage system.

  10. Create and Enforce a Data Protection Policy

    Educate your entire staff on proper procedure. An official policy gives them something to reference and is easy to update as your security improves.