GDPR Top Tips for Small Businesses

Following on from our earlier blog post about GDPR, we’ve put together some top tips for small businesses which should make data protection that little bit easier.

  1. Anti-virus

Always make sure any computer equipment has suitable anti-virus software installed. SMEs are a huge target for cybercriminals, largely because they are ‘soft targets’, so it’s important to make sure that your cybersecurity measures are up to scratch. Some popular examples of anti-virus software include Avast, Bitdefender and McAfee. When selecting an anti-virus solution, make sure it has sufficient protection for the types of activities your business engages in. Once installed, it’s important that you keep your anti-virus software up to date by enabling auto-updates.

  2. Password Protection

It’s important to make sure that all systems you use (including personal devices containing emails or business information) are password protected. Ensure that passwords are strong, secure and can’t be guessed easily. Avoid using passwords that include your name, the company name etc. Everyone in the business should have their own, unique password. Norton offers a tool which generates random, secure passwords. Most web browsers come with a built-in feature to automatically remember passwords which can help if you have several different passwords to keep track of. Passwords should be changed regularly, at least every six months, but the more often the better. Consider setting a regular reminder in your calendar to encourage you to change your password.

  3. Secure Storage and Shredding

If you have any hard copies of personal data, it’s important to store them securely in locked cabinets and shred them after they are no longer needed. Avoid leaving copies of personal data lying around in open view. If you are taking hard copies of personal data out of the usual work environment, consider if this is essential and ensure that it is done as safely and securely as possible. Keeping key logs and other tracking methods can be a useful way of seeing who has access to what and if/when it might have left the office.

  4. Data Protection on the Phone

Talking to customers on the phone can be a minefield when it comes to data protection. When discussing personal data over the phone, it is really important to make sure you can be certain of the identity of the person you are talking to so as to avoid any potential data breach. Even disclosing seemingly insignificant pieces of information such as a date of birth, address, telephone number, email address etc. could help a fraudster build up a bigger picture of an individual. Don’t be afraid to verify someone’s identity by asking them to confirm their details against information you already hold about them. Capsule CRM can be an excellent way of storing customer data in a secure place which is very easy to use and access when needed.

  5. The Cloud

Where possible, consider storing files containing personal data in cloud-based digital storage solutions such as Dropbox for Business or Google Drive. Because these types of solutions are cloud-based, should your computer systems be compromised in any way (such as loss, theft, virus, hacking etc.), the data stored within the cloud can still be recovered and accessed from another device. This is not only important for data protection but also for business continuity.

Hopefully these top tips have given you some starting points for helping your business become more data protection savvy. GDPR comes into force in the UK on 25th May, so best of luck in your preparations!