As a small business owner, there is always a lot on your mind, on a constant, daily basis.  These include delivering great customer service and keeping your products and services on the cutting edge as much as possible, in order to keep up with your competitors.  But, there is yet another aspect that goes often overlooked:  security.  It’s always on the back of your mind, but never really gets too much attention until you are actually impacted by a security breach.

Top 5 Tips to Avoid a Data Breach

  • Collect only the needed information and data:

Obviously, when you start getting your client base established for your business, you will need to collect information and data about them.  Some of this will include contact information (such as name, address, phone number, and possibly even credit card information).  The database platform in which you store all of this should not only be secured, but it is also important to keep as much minimal data as possible.  For example, do you really need to store the credit card information?  True, this saves time for your customer, but if this financial data is stolen or compromised in any way, you will be held both legally and financially responsible.  In fact, the average cost for a small business owner for such types of data loss is a staggering $280,000.00.

  • rMake sure the passwords that you establish are difficult to be broken by a Cyber attacker:

This is a topic that has been addressed in previous blogs, and yes, it still remains amongst one of the weakest links in the security chain for the small business owner.  It is always important to make sure that your employees are on top of their game when it comes to creating strong passwords, and that they are not sharing it with anybody else.  These standards need to be established in your security policies, and firmly enforced. Also, consider very seriously using a password manager to help create and store long and complex passwords.  Make use of implementing Two Factor Authentication (2FA), in which more than one layer of security is used to protect your company data.  A great tool for this is Biometrics, either Fingerprint or Iris Recognition.

  • Make sure you use the proper levels of Encryption:

This simply means that any communications (especially that of E-Mail) remains in a “garbled state” and stays that way until it is received by the legitimate party.  This helps to ensure that if it were to be intercepted by a Cyber attacker, he or she will be unable to decipher it.  Although this does not guarantee 100% security, the idea is that the Cyber attacker will get frustrated in the time that it actually takes to descramble the message, and as a result, will move onto a much less protected target.

  • Limit network access:

For any business large or small, the network component is at the heart of the IT infrastructure.  After all, the servers reside here, from which your employees and other related personnel (such as outside vendors and contractors) can access information and data.  Therefore, not only should you restrict the permissions in this regard, but you need to make sure as well that all lines of communications between the servers, workstations, and wireless devices are secure. In this aspect, you should consider heavily using Virtual Private Networks (VPNs).  Also, you need to know where all of this mission critical information and data resides at on your servers.  Just consider some of these statistics:

*Only 16% of small business owners know where their structured data resides at;

*Only 7% know the location of where the unstructured data resides at

  • Not all Cyber-attacks target electronic data:

There is the misconception that only this kind of information is subject to an attack.  But, keep in mind that there are also physical documents as well, which can also be a prime target, especially for an inside attack to occur.  Therefore, make sure that the storage places within your business remain secure, with only those employees needing absolute access to it have the keys.  Also, if you dispose of any paper documents, make sure that you shred them first. At the present time, there are no laws preventing Dumpster Diving, and anybody can comb through your trash receptacles that are located outside.  You may even want to consider outsourcing this function to a reputable paper shredding company.


These tips are meant to help you get started thinking seriously about the steps that you can take to fortify the lines of defense for your small business.  There are other steps to take as well, and in these instances, you may even want to consider hiring a Cyber security consultant to help you assess as to where you stand.  This may cost some money but is pale in comparison to the staggering dollar amount if you are indeed hit with a major data breach.