Claims hotline

Avoid a security breach with these small business data protection tips

Jun 16, 2020.

These days, almost all successful small businesses have an online presence, whether that’s a sophisticated e-commerce store, a popular blog or just a place where you can communicate with potential customers. But with data and cybersecurity breaches on the rise, even the smallest of businesses can fall foul of online hackers.


Here, we look at some of the simplest ways to protect your data, and your online business presence, today.



Customer safety comes first

If you’re keeping customer details on file, such as addresses and credit card details, you must ensure that these are kept safely in a secure, encrypted place online. Accidentally leaking customer details can destroy customer confidence in your business forever, making it extremely hard to regain trust afterwards.


Don’t overlook the basics either, such as passwords—use long, complex passwords with a mix of letters and numbers, and change them often while teaching your employees to do the same.



Arm yourself with data protection software

Your first priority should be finding ways to protect your website, particularly if most of your business comes through it via direct sales.

Invest in up-to-date security protection software such as firewalls, malware protection and patches, and consult an external security consultant or expert who can advise you on where the biggest gaps in your website security can be found.


If you’re using a web host, make sure it is secure and trustworthy, and always back up any key data on a secure, cloud-based server in case a hack leads to the destruction of your website.



Break down silos

When it comes to establishing tight data and cyber security at your small business, it’s important to keep your employees in the loop.

If possible, introduce basic cybersecurity training sessions and a consultable handbook for new employees, as well as the occasional refresher course for current employees, to help them understand the importance of staying secure and the best ways to do it.


Watch the Generali on demand Webinar (in German).


Find out how Generali protects your SME here.

Make sure all employees know who to contact in the case of an IT or other company emergency – whether it’s someone within the company or an outside agency. Establish rules around using work computers for personal use, such as using a personal email address, which could be more vulnerable to being hacked.


Teach your employees how to encrypt important data with security protocols such as IPsec (Internet Protocol Security) and TLS (Transport Layer Security). Make sure to be aware of risks posed by unprotected mobile phones too, as lost or stolen employee phones could potentially lead to major security breaches.



Better safe than sorry

If multiple people have access to key systems, think about adding two-factor authentication to limit the risk of hacking. This could include verification via secret tokens, additional complex passwords or biometrics such as fingerprints.


Avoid using questions that could be commonly known or discovered in your authentication process, such as birthdays or birth location, and be aware that phone number or email address verification, while straightforward, can be compromised through hacked accounts, stolen phones or item cloning.



Cybersecurity on social media

Finally, always ensure that you and your employees behave sensibly on social media—be that on Facebook, Twitter, Instagram or other platforms.


Poorly thought out social media posts can easily lead to a cyber security breach, with brands often giving away information that makes it much easier for hackers to guess their way into a website or create a convincing scam to fool customers.


Check all posts for potentially sensitive information before they go live, keep any personal information on social media to a minimum and make sure your employees do the same. Use it purely as a tool for promoting the business. If you’re using an agency or an outside source to manage your social media, make sure you know exactly who has access to which areas and limit their exposure to any sensitive information that could lead to later security issues.


Maintain different, complex passwords for all accounts and try to stay aware of any potential scams or suspicious requests made via social media—if it sounds too good to be true it probably is, so use common sense and take all of the necessary precautions.


Don't risk a security breach – find out more about our cyber insurance products here.