Small Business Saturday Blog
Top 10 security tips for small businesses storing personal data
Thursday, December 12 at 00:30
As Small Business Saturday puts small businesses and enterprises in the spotlight, it’s an ideal opportunity to shine a light on some of the ICO’s guidance to help make sure you are handling personal data safely and securely.
In celebration of Small Business Saturday 2019, the ICO launched a new SME website hub, developed to make it easy for sole traders, small businesses and SMEs to find the essential guidance they need to understand their GDPR obligations.
Almost every small business handles personal information and your customers share data online every time they visit your website, search for or buy something, or send you an email.
This information belongs to them. You should only use it in ways they would reasonably expect and it should be kept safe.
Since the advent of the General Data Protection Regulation (GDPR), which is the new data protection law that came into force last year, more people are aware of their privacy rights in relation to personal data and how it’s being used and looked after.
Good information handling makes good business sense. When personal information is accurate, relevant and safe it can save you time and money which, in turn, builds trust and confidence with your customers and staff.
The key to achieving this is making sure the personal data you hold is secure. We’ve set out our top 10 tips for businesses that store personal information on a network:
1. Know your data – start with an inventory – understand what personal data you have, make sure you know where it is, how it is stored and who has access to it.
2. Make sure you have a data security policy – or ensure your existing data security policies and procedures are up to date and reflect the needs of your business.
3. Train your staff – put your policies and procedures into action. One of the main causes of data breaches is human error. Make sure you provide regular and adequate training for your staff.
4. Change default passwords – any new devices you buy come with default passwords, which are well-known by attackers. Using your own passwords and limiting the number of failed login attempts can deter attacks on your systems.
5. Limit access - each user must have, and use, their own username and password. Their account should have permissions appropriate to the job they are carrying out at the time. Access should be cancelled immediately if a staff member leaves the organisation or is absent for long periods.
6. Secure your wi-fi - allowing untrusted devices to connect to your network or using work devices on untrusted networks outside your office can put personal data at risk.
7. Install a firewall – if you store personal data on a network your first line of defence should be a well‐configured firewall. It can stop breaches happening before they get deep into your network.
8. Update your malware protection - you should have up‐to‐date anti‐virus or anti‐malware products regularly scanning your network to prevent or detect threats.
9. Regularly back-up your data - back‐ups should not be permanently visible to the rest of the network and at least one of your back‐ups should be off‐site. Don’t leave back-up drives unattended and lock them away when not in use. If you store data in the cloud, make sure you know what data is there.
10. Think about encryption - ensure that personal data can only be accessed by authorised users by encrypting it.
What to do when there’s a personal data breach:
A personal data breach is broadly a security incident that has affected the confidentiality, integrity or availability of personal data.
If your business experiences a breach, your first priority should be to mitigate any risks to those affected, for example by resetting passwords.
If the breach is likely to be a high risk to people, you need to quickly notify those affected and advise how they can protect themselves.
You must also let us know within 72 hours of becoming aware of it. We will take details and advise you of any further steps you can take to mitigate the risks and prevent similar breaches in the future.
If you think the breach is unlikely to pose a risk to people, you don’t need to report it to us, but you must still document the details and your rationale for not reporting.
If you want to report a breach, or you’re unsure about any aspect of managing a breach, you can ring our helpline on 0303 123 1113.
We also have a self-assessment form you can use when deciding whether to report a breach to us.
There is much more information on reporting personal data breaches on our website. We have also created a webinar which you can watch.
There is a wealth of guidance and resources on our website for small businesses.
If you are unsure if you need to follow data protection law you might want take our short quiz first.
You will also find a self-assessment checklist which you can use to improve your understanding of data protection. It will also suggest some practical actions you can take to make sure you are keeping people’s personal data secure.
By meeting your obligations, you'll enhance your business's reputation and increase customer and employee confidence. It shows you mean business.
Faye Spencer is Head of Customer Contact, Information Commissioner’s Office (ICO).
- Zero to hero in Nottingham8 Weeks Ago
- Monday Seller Success with eBay: That Vintage Football Shirt8 Weeks Ago
- Rock on in Southend on Sea9 Weeks Ago
- Monday Seller Success with eBay: Purrfect Cat Gifts9 Weeks Ago
- One love, one heart on Ipswich’s high street10 Weeks Ago
- Monday Seller Success with eBay: Hampers by Lauren10 Weeks Ago
- Good graces in Bristol and Bath11 Weeks Ago
- Monday Seller Success with eBay: Top Dog11 Weeks Ago
- Weigh to go in Northwich12 Weeks Ago
- Monday Seller Success with eBay: Handpicked Penrith12 Weeks Ago
- Holy cow in Westmorland13 Weeks Ago
- Monday Seller Success with eBay: The game is afoot13 Weeks Ago
- All fired up and ready to go in Gerrards Cross14 Weeks Ago
- Monday Seller Success with eBay: Meteorite Man14 Weeks Ago
- Dorset's Ice Cream Appreciation Society15 Weeks Ago
- Monday Seller Success Story with eBay: Giddy Goats Toys15 Weeks Ago
- SmallBiz100 celebrated at the Blue Tie Event16 Weeks Ago
- Why apply to be a #SmallBiz100 2022?8 Months Ago
- From field to fork – making the most of Cheshire’s local produce13 Months Ago
- Sustainable living with BLANC14 Months Ago
- Pizza power14 Months Ago
- In the good books14 Months Ago
- From babygrows to beer kits14 Months Ago
- Smile and say cheese15 Months Ago
- The perfect planner for when you didn’t plan for this16 Months Ago
- Why apply to be a #SmallBiz100 2021?19 Months Ago
- Feeling lighter than air at The Float Spa3 Years Ago
- At the cutting edge of local community3 Years Ago
- Sewing the seeds of success in Scotland3 Years Ago
- Joco's leap of faith pays off3 Years Ago
- No messing around! How Tom Foolery Coffee Company pivoted during the pandemic3 Years Ago
- How Mandira’s Kitchen has its eye on spicing up your freezer3 Years Ago
- Wild about keeping it local and healthy in Bristol3 Years Ago
- Award winning small business announced at Blue Tie celebration3 Years Ago
- Free leadership training for SME leaders delivered by leading Business Schools3 Years Ago
- Six things you can do in your business right now3 Years Ago
- How can my employees return to work safely and legally after Covid-19?3 Years Ago
- What is it really like being a #SmallBiz100? – Stamptastic spill the beans3 Years Ago
- Why apply to be a #SmallBiz100 2020?3 Years Ago
- Why embracing technology should be your New Year resolution3 Years Ago
- Starting a new business: financial tips for start ups4 Years Ago
- Top 10 security tips for small businesses storing personal data4 Years Ago
- From architect to artisan at the Dumfries Larder4 Years Ago
- Putting down new Roots in Abergele4 Years Ago
- How Amazon is helping one woman tackle taboos and period poverty4 Years Ago
- Creating a community: What it means to be a small business4 Years Ago
- Building an enabling bridge, brick by brick4 Years Ago
- Get ready to rock with Rockit4 Years Ago
- How to create an event for Small Business Saturday UK4 Years Ago
- Jampacked with passion: the local cinema that’s giving back4 Years Ago
- Celebrating the North East’s cycle stars4 Years Ago
- Don’t know what to write about? 9 ideas for your next business newsletter, blog or social media post4 Years Ago
- Take a butcher’s at the first of the #SmallBiz100 20194 Years Ago
- 7 essential growth tips that small businesses need to know4 Years Ago
- Making a great first impression: photography & small business4 Years Ago
- Strength in numbers4 Years Ago
- How to choose the right pricing strategy for your business4 Years Ago
- How taking matters into her own hands led to huge success for Revival Retro4 Years Ago
- 5 content ideas every small business needs4 Years Ago
- The Flour Pot Bakery's secret to success4 Years Ago
- How to harness the power of Instagram and drive your business forward - the GB Labels way4 Years Ago
- Making Tax Digital is here! What does it mean for your business?4 Years Ago
- How we should champion success for International Women's Day4 Years Ago
- Step aside Mystery Shopper scheme - hello new Public Procurement Review Service!4 Years Ago
- The top three causes of entrepreneur burnout and how to avoid it4 Years Ago
- Get a great digital ad for your business for just £50, and help tomorrow’s entrepreneurs learn with iDEA!4 Years Ago
- Badge Your Brilliance with iDEA4 Years Ago
- How to make your Christmas the most successful yet!5 Years Ago
- Life in the fast Laine5 Years Ago
- Small businesses shine at launch of Silver iDEA Award St James's Palace5 Years Ago
- Local and sustainable is winning formula for SmallBiz100 Hays Hampers5 Years Ago
- Red Herring Games – Case Study5 Years Ago
- Keeping Up With The Tylers: How To Move With The Times5 Years Ago
- Making our own kind of music at the Blue Tie Ball5 Years Ago
- How to guest blog (and look like you know what you’re doing)5 Years Ago
- How to market your small business on a budget5 Years Ago
- Top summer marketing tips!5 Years Ago
- Purposely: embedding purpose into the heart of your small business5 Years Ago
- A ‘Dog Day Afternoon’ for Britain’s small businesses5 Years Ago
- Five ways to make your business successful in five years!5 Years Ago
- SmallBiz100 Mooch revive the local high street5 Years Ago
- Why apply to be a SmallBiz100 2018?5 Years Ago
- SmallBiz100 Julu on design, manufacturing, and building an online business with friends5 Years Ago
- Small Business Champion Series From Rich Brady ... Setting Business Goals5 Years Ago
- SmallBiz100 Techsixtyfour on how to successfully build an online business5 Years Ago
- SmallBiz100 Frequently Asked Questions5 Years Ago
- Small Business Champion Series from Rich Brady...Putting the Family into Family Business5 Years Ago
- Exporting - not just for the big!5 Years Ago
- Can Giving Really Be Good for a Small Business? Spoiler: Yes!5 Years Ago
- Let's get organised....5 Years Ago
- Is your business leaking money?5 Years Ago
- Podcasting - The Ultimate How-To Guide - Part 25 Years Ago
- Setting BIG goals – why do it and how to go about it5 Years Ago
- International Women's Day 20185 Years Ago
- 9 tips for Business Success - it's all about love.5 Years Ago
- Demystifying LinkedIn for Small Businesses5 Years Ago
- 10 Top Money Tips for Small Businesses5 Years Ago
- Organising a Small Business Event - Tips from the Experts5 Years Ago
- 12 Top Tips for Micro-businesses5 Years Ago
- ACCA on board the Small Business Saturday Bus Tour6 Years Ago
- Is Britain Becoming a Cashless Society?6 Years Ago
- Small Business Spotlight - How Technology Can Help Small Businesses6 Years Ago
- Taking Your Business Beyond the High Street6 Years Ago
- 5 Ideas to Improve your Time Management6 Years Ago
- The Small Business Saturday Bus Tour launches across the UK for its fifth year!6 Years Ago
- Making the most of Small Business Saturday7 Years Ago
- Why I applied to Small Biz 100: Crafty Revolution tells all8 Years Ago