The growing number of large corporations hitting the headlines over data breaches, alongside the implementation of the recent GDPR, has led to a drastic decrease in consumer trust relating to data protection.
A huge 75% of consumers believe that companies do not take the protection and security of their data seriously. We’ve put together the following steps for small businesses to provide guidance on how best to protect your customer and prospect data.
What are your data requirements?
If you know what is legally required of you and how to carry out these requirements, then you’ve already taken the first vital step! Our top tip is to always make a note of what you’re doing and why. Educating yourself initially on the reasons you need to take these steps will help you understand why these guidelines are here in the first place and will help minimise the likelihood of any breaches in the future. Read our blogs on GDPR for further guidance or visit the ICO website.
Assess, audit and review
Data breaches can often be company specific; however, familiarising yourself with possible risks within your industry can drastically help reduce the likelihood of a breach occurring in your organisation. Regular audits of your data processes will not only help to streamline current procedures but will be essential to minimise any potential threats. A good data audit will answer questions around the state of your current and future data. What data do you currently hold and why? When and how was it collected? What do you do with the data and who is responsible for ensuring it’s kept up to date? Set aside a timeframe for doing this and stick to it! Audits are essential to ensure you remain compliant, so treat them as a priority, and don’t forget to document all assessments so they can be referred to if any changes are made.
According to Ponemon in their 2018 Cost of a Data Breach Study, human error is a leading cause of data breaches within the financial sector and nearly 18% of cyber-attacks resulted from employees clicking on harmful links, opening malicious email attachments or engaging with other direct social attacks (2). Having the correct processes in place is a sure step in the right direction to reducing breaches; however, thoroughly training your staff is essential to ensure these procedures are properly adhered to. Start by carrying out simple steps such as using strong passwords, shredding documents correctly, educating staff about online threats and making sure they are aware of any changes in your data procedures. Organise regular training sessions dedicated to data protection and make sure you keep everyone in the loop through weekly emails and updates.
Who are you doing business with?
In the B2B industry, data is often transferred between two companies, and although you might have taken the necessary steps to ensure your data is protected, have they? Always check this before you start a working relationship with any company and don’t let another’s liability come back to bite you!
Staying on top of your data protection procedures and processes is the key to building trust with your customers. Set high standards and make sure staff and business partners are complying with them!
Please note this article is intended for guidance only and is not intended as legal advice.