How To Protect Your Data and Reduce Digital Risk

Learn how to protect your small business from a variety of digital threats.

Digital risks, including cyber-attacks and data loss, can happen to any company at any time, and small businesses are particularly vulnerable. One of the biggest risks — and one that often gets the most publicity — is compromised data. This includes hacked systems, employee data theft, and stolen or lost devices such as laptops and cell phones. Data can also be compromised by viruses, which are often downloaded through business email compromise schemes.

To protect data from being compromised, businesses must ensure that their network security is in top shape. This includes establishing and observing appropriate protocols, such as ensuring employees are creating strong passwords and setting user access boundaries that only allow certain users to access certain files.

In addition to preparing for the worst-case scenario, businesses also need to protect against everyday disasters, such as the loss of a laptop or a computer virus. This approach provides an immediate benefit against a more imminent threat at a more reasonable cost, while gradually building protection against the more serious risks.

For example, it’s important to establish security protocols for technological equipment, such as laptops and tablets. These items should not be left where they can be stolen or accessed by anyone other than the employee, and if they are lost or stolen, they should be able to be wiped remotely. In addition, it’s important to ensure that network security software is up to date, run scans regularly and back up important data.

As the COVID-19 pandemic has shown, there are often other types of unexpected risks businesses need to plan for. For example, as companies shut down offices with little to no notice, some struggled to maintain continuous access to their data and applications needed to operate remotely. To do this, businesses need to have a remote access plan, establishing a secure connection and making sure the necessary data is available. Likewise, they should take steps to adapt their cybersecurity plan for remote workers, if they haven’t done so already.

Safeguarding Your Data

For small business owners, basic precautions can go a long way to keeping your IT system up and running and your data secure. The following tips can help reduce the risks of IT threats to your business.

First and foremost, it's essential to back up your business data regularly — ideally on a daily basis — and to store copies offsite in case of fire, flood, or other disaster. If you decide to back up your data through a cloud service, look for one that offers continual and automatic backup, retains older versions of files, uses multiple storage sites and can restore files to new computers. Before signing with a vendor, understand how it ensures your data will be kept safe and secure.

Also, take care to keep all software — including operating systems, antivirus software, and applications — at the latest release level to minimize infections by new viruses. As a side benefit, current releases can also help improve your team's productivity. Assign a team member to perform software updates, troubleshoot wireless problems, configure desktop applications and solve other common IT problems. As an alternative, an increasing number of online services offer remote tech support for a monthly fee; this can be a good option for a small business without an internal technical troubleshooter.

Be Proactive

New risks to your business IT system can arise daily, so you need to be vigilant. For example, on a regular basis:

  • Review your data protection plan to ensure your company remains secure
  • Update your company’s data breach response plan on a periodic basis
  • Define which employees or business partners can access critical data and systems, review your policies to prevent unauthorized access and assess their implementation
  • Scan and store important information that is in paper form in case a disaster destroys the paper copy
  • Delete dated information, especially old records that may contain sensitive client information
  • Update your policies on the use of mobile computing and data storage devices such as laptops, smartphones, CDs, external drives and USB flash drives.
  • Encourage your employees to use strong passwords with a mix of upper and lower-case letters as well as numbers, and to change them on a regular basis
  • Enable two-factor authentication whenever possible

Finally, know that your employees are often your best line of defense. Build awareness by conducting frequent cybersecurity training sessions for employees. Educate your team about safe email practices, ensuring they know how to spot the signs of a malicious email. Likewise, be sure your employees know how to encrypt data on mobile devices so that if the device is lost, the data can't easily be accessed.

For more resources to help you safeguard your data — and your business — against a variety of threats, visit