How to keep data secure: A small business guide

In the digital age it’s much easier to manage and store large amounts of data. But with that comes the inevitable risk that the unscrupulous will attempt to access and exploit that data. That’s why it’s more important than ever to find out how to keep your business data secure. The issue of data protection for small businesses should be at the forefront of every enterprise.

Why protecting data should matter for all businesses

Of course, any data that your business acquires not only relates to your business finances and the operation of your business, but it most likely belongs to your customers too. Therefore, protecting customer data is of paramount importance not only to ensure against data breaches and the potential financial loss, but also the resulting reputational damage.

How does the Data Protection Act affect a business?

In 1998 the Data Protection Act (DPA) defined in UK law how personal data relating to identifiable living people could be processed. The act governs the protection of data in the UK and Northern Ireland. So how does the Data Protection Act affect a business? 

It’s your legal obligation to follow data protection rules if your business uses or stores the personal information of customers and employees. You accrue personal data whenever you recruit staff or manage staff records, when you market your business or if you use CCTV. Data can exist in various different forms, from delivery addresses to medical details.

Visit the government website to find out more about how  breaking the Data Protection Act can impact your business .

What are the consequences of breaking the Data Protection Act?

So why is the Data Protection Act important? Data doesn’t just constitute information such as the hours that staff work. It might also include credit history, employment history, contact details or convictions.

Data can be deeply personal which is why when there is a company data breach on a large scale it can occupy a number of column inches. The potential outcomes of the breaches can be financially or personally disastrous if that information is misused.

It is the legal right of all those who have supplied your business with data that their data is protected. All the data your business holds must be kept secure and up to date. If you breach data protection rules, you may receive a hefty monetary penalty or prosecution.

Methods of protecting data

Until fifty years ago, businesses, organisations and government managed data largely in paper form. Today information is networked using digital systems. Although we may have moved largely from paper to digital in the running of our businesses, it’s important that methods of protecting data are robust and up to date. This remains the case irrespective of the size of your business.

Securing your home network

It’s convenient and cost-effective for a lot of small businesses to operate from the home. Because a business is home-based it’s still crucial that businesses protect their customers’ data by ensuring their home network is secure. Be sure your Wifi network is encrypted and turn off remote access-related features. Make sure you change the significant default settings and update the router’s firmware.

Physical methods of protecting data

There are some common sense physical methods of protecting data that you can implement when managing your business, whether that’s from home or from a business premises:


  • Make sure the building or rooms where data is contained are locked when you’re not there.
  • Ensure good security systems are in place, like well-functioning locks, keypads or swipe cards that only the appropriate people can use.
  • You might consider it appropriate to fix to the desk computers with information stored on the hard drive.
  • Identify laptops with the postcode of your business in the event that one is mislaid by a member of staff.
  • Adhere to the obvious security measures like keeping windows secured when you’re not in the building.
  • Security measures like CCTV not only documents crime but can deter a would-be criminal from entering your business premises in the first place.
  • Larger firms might employ security guards and a pass system that limits access to your premises.
  • If you work with sensitive data then be sure to position screens away from the sight of passers-by, customers or clients.
  • Keep your passwords secret at all times.

Protecting data in the cloud

Alongside the physical data protection options, an increasing number of users store data in the cloud. Cloud-based storage solutions are a convenient way to store data that can accessed only by those with the relevant access information. Solutions like USB sticks have ceased to be the preferred way to transport and store information. Though cloud-based solutions are becoming the norm, the security of such systems is struggling to keep apace with developments.

If you elect a cloud-based solution, remember that it is only as secure as your own password. So be scrupulous in changing your password at regular intervals and keep that information secure (ideally in your head). There are several methods you can use to generate a robust and memorable password.

Use encryption to protect your data or choose an encrypted cloud service. Before you transport your data to a cloud, it’s first worth undertaking a cloud risk assessment so you are aware of any potential issues. There’s a lot of detailed information on the web which will help you to make an informed choice about which cloud-based storage solution to go for, so it’s worth investing a little time in this activity.

Ways of protecting data stored on a mobile phone

The office is becoming increasingly transportable, as more and more people conduct business on their commute, between appointments or on site visits using their mobiles. Therefore, it’s important to understand the emerging ways of protecting data stored on a mobile phone. Smartphones are fully-functional pocket computers; as such they can access the same complexity and sensitivity of data.

What’s more, mobiles are a lot easier to lose than a desktop computer. In the event a phone is stolen it’s not just the material cost of the phone or the inconvenience that is the major concern. Rather, it’s the protection and preservation of the information the device carries that should be prioritised. Sensible steps you can take to protect your phone include:

  • Keeping your smart phone updated with security fixes.
  • Installing security software on your phone.
  • Always using a PIN number to minimise swift access to your data.
  • Only downloading apps from a trusted company or legitimate app store.
  • Being cautious about the types of site you visit and when you log into certain accounts over unsecured wireless public networks.
  • Backing up the information contained on your phone, again ensuring this data remains protected too.

While the exploitation of data can happen opportunistically, you can decrease the chances of this happening by putting in place the necessary security enhancing steps. Mitigate the damaging effects of cybercrime further by getting the right level of insurance for your business.

If you offer products or services, then having the right business insurance is important. Find out more about how our  home business insurance  can cover you 

Request a callback

* Please note, if you select a Bank Holiday, we will call you on our next working day.
Our operating hours are 9am to 6pm Monday to Friday, excluding bank holidays.

Thanks, we'll be in touch shortly