Many small and medium-sized enterprises (SMEs) across the UK are uncertain of what the EU General Data Protection Regulation (GDPR) means for how they handle customer data, and more than eight out of 10 don’t consider cyber attacks or data loss to be a significant risk to their business, a recent survey showed.
However, with the National Cyber Security Programme revealing that nearly half of UK businesses experienced at least one cyber security breach or attack in 2017, SMEs need to get serious about security.
With penalties for companies that are found to have misused customer data increasing dramatically since the GDPR rules came into force in May 2018, it will pay for SMEs to manage their data securely.
SME Magazine gives five tips on how to protect customer data in a post-GDPR world. They need to invest in cyber security measures and physical security measures for their offices.
SMEs looking for working space and offices to let Basingstoke should work with landlords to ensure their offices are secure and enable good working practices with customer data, such as those at matrix-house.co.uk.
The whole team in any SME needs to be aware of the risks of breaching GDPR rules and the ways they can work to maintain levels of confidentiality and security. If staff training on data security is offered, everyone in an SME team can play a role in reducing everyday vulnerabilities and protecting the business from indiscriminate attacks.
Certain working practices need to be evaluated for the risk they pose to data security. For example, the culture of bringing your own device such a laptop or mobile phone to work needs to be mitigated with cyber security measures in order to prevent attacks. Employees also need to be aware of what to do if a data breach occurs. Notifying the Information Commissioner Officers is an obligation of any SME that realises a data breach has occurred, however minor or serious it may appear.
SMEs are also obliged to keep affected customers informed when any data breach occurs that affects them. They can suffer a damaged reputation if they do not manage this effectively.
Cyber security insurance policies and anti-virus software are two relatively low-cost ways that SMEs can improve their security.