4 Data Protection Tips from Internal and External Threats


Most companies run on data. Even if a small business sells a physical product, they still have to manage sales, marketing, and inventory while using data. And even the smallest of companies could have information flowing in from multiple sources, including sales data from a CRM, customer surveys, or image and video content from digital cameras. Nearly every business function utilizes data, and small companies should do their utmost to treat data as one of their most valuable assets.

Small business owners should also understand the greatest threat to their company’s data usually resides within their own office. While hackers and malware are a risk, losing data often happens in a much more “low-tech” manner. Whether it’s an employee who leaves their company laptop in an Uber, or a business owner who shares their login information with a friend, data loss occurs through many different routes.

Thankfully, small business can take preventive measures to protect their data and hardware:

1. Develop a Data Management Plan

A formal plan is essential for any small business owner who wants accountability and transparency regarding their data. The plan should act as a dynamic roadmap that details where data is coming from (email, sales efforts, customer transactions), and then who has responsibility for managing the data. A plan delineates every person’s role in the business. For example, if a company has a customer service representative, that person needs access to customer information, but not their financial/payment information. A plan creates boundaries between staff and certain types of data, which inherently limits the chances of loss due to accidental or intentional actions.

2. Create Multiple Layers of Backups

Protecting data with backups is a classic “risk/reward” proposition. The risk in this situation is paying to backup your data. The reward is the peace of mind that comes with knowing you can access data at any time without interrupting the business.

Small businesses should first compile all of their data sources, and then pick several storage options. The worst option is to keep data on physical on-premises storage. For example, if the business owner keeps all of the data on unencrypted external hard drives in a drawer in the office. The key is redundancy. Use a mix of both physical (hard drives) storage and cloud services such as Amazon or Google. Create “backups of the backups” to provide additional coverage. Both types of storage are very inexpensive, with five terabyte hard drives available for less than $200. The big cloud providers offer terabytes of storage for low monthly fees, with the benefit of access through any internet connection. Data backups mean the business can operate as normal, even if it suffers a data loss.

3. Consider Compliance

You’ve likely read about compliance standards for companies that handle personally identifiable information (PII), or those involved in healthcare. Many smaller companies assume regulatory and compliance rules for data only apply to larger firms. However, it’s important to understand it applies to any firm that handles sensitive data. When developing a data management plan and data backups, consider any compliance implications. These guidelines dictate how certain types of data should be held and how that data can legally “move” between various systems or other entities.

4. Control Access

Even a one-person operation should follow smart data and system control best practices. For example, complex passwords are crucial for protecting hackers and other rogue elements that want to gain access to data. As the business grows, there must be an access control solution in place that grants (or removes) data access to employees. This control should be able to restrict the types of data that each employee can download or review based on their particular job description. If the employee has no business need for customer’s financial data or internal proprietary information, then restrict the access to lessen the chances of theft or inadvertent loss.

Small business managers and owners should develop a culture that views data as a precious asset. By properly organizing and controlling data, companies can greatly lessen the risks of loss and ensure they can operate the business without interruption.


About Author

David Zimmerman, CEO of LC Technology International, www.lc-tech.com

Leave A Reply