A lot of time, energy, and money go into collecting data for business. Entire teams of people are dedicated to collecting as much data as possible, but there is another team solely focused on protecting the data once it has been collected. The professionals who work to protect data even marked January 28th as Data Privacy Day to highlight the universal importance of keeping data secure. For small businesses, an entire team of employees working to keep company data safe might not be feasible. Most small businesses are not properly prepared to protect their data. Sadly, the fact that small businesses generally have fewer defenses also makes them a more popular target. There are low budget solutions that can greatly increase data security, but these solutions require tremendous diligence to be effective.

These security solutions and suggestions do assume your company data is stored in a database. A database is data collected and stored in a computer that is then organized for access and analysis. The data within a database is stored digitally, but the database itself is a physical computer.

Staff Training

It is estimated that staff errors account for a large percentage of data breaches in small to mid-sized businesses. These errors are generally not nefarious, mistakes just happen. Hackers prey on people who simply don’t know better. This where proper staff training comes in.

By training every employee in basic security, you can reduce the risk of data breaches. The training does not need to be highly technical, as just making employees aware of what common threats look like you can avoid damaging situations. Show employees what phishing attempts look like and how to report attempts so that the same tactic won’t fool someone else.

Establish protocols for confirming the legitimacy of contacts before giving out privileged information. Never open attachments or click links from people you don’t know and anything suspicious should be avoided altogether. Show your employees what to look for, but also tell them to trust their gut. If something doesn’t feel right, double- check before doing something that can’t be undone.

Limit Access

One of the best ways to protect your company’s data is to know exactly who has access to it. The more people that know a secret the larger the chance one person will let it slip. By keeping the number of people with access to data low, you are decreasing the chances the data will get out.

Only allow people to access confidential data who absolutely need it. If accessing the data is not required for their job, they should not have access. The list of who has access to company data should be kept up to date, and the system used to access the data needs to track who logged in when and from where. This way, should a problem arise you know who the last person to access the data was.

Providing access to the correct employees is important, but you also need to take access away. When an employee leaves the company or changes roles, their data access needs to be removed or modified. The last thing you want is a former employee exacting any wild ideas of revenge by compromising your private data.

Accessing data is normally done digitally by using credentials, but you can also access a database physically. It is not hard to plug a drive into a database and use nefarious methods to steal information. That is why digital security is just as important as physical security. Wherever your data is stored needs to be physically secure. Locking the door to the database room is a good start, but consider adding cameras to the room or locking the case housing the database.

Rapid Fire

The next few suggestions are basic quick tips to boost security that are easy to implement, but can still have a sizeable impact.


It is no secret that simple passwords are easier to break than ever. Every company computer and smartphone needs a strong, complex password. For extra security, change passwords every few months and never reuse an old password.

Malware Protection

Malware is a catch-all term for malicious software, such as viruses, spyware, ransomware, and any other software that seeks to cause harm. There are degrees of severity with malware, as it can range from data leeching to completely bricking an infected device. Regardless, you do not want to deal with malware and firewalls keep nefarious software at bay. Install strong firewalls and antivirus programs to instantly block and quarantine incoming suspicious software.

Stay Up to Date

Software, like operating systems and anti-malware programs, should be kept up to date with current patches. Software developers release updates to their programs to fix issues, release new features, and increase security. Generally speaking, the newest version of a program is the most secure. The further out of date a program is, the more vulnerable it is to attack, so keep everything updated to maximize security.


When employees work remotely and access your company network, it is a good idea to have them use a VPN (virtual private network). A VPN secures the connection to your company network, making it much harder to breach.

Data protection is incredibly important. A data breach can be expensive and time-consuming to fix, so take the necessary steps to ensure your data is secure.


  • Nick Rojas

    Nick Andrew Rojas is a journalist and a self-taught serial entrepreneur who has worked with various startups as a business consultant. His work often discusses marketing, business and technology. He loves to connect so reach out on Twitter! @nickarojas. Nick volunteers for AMA Boston in his (limited) spare time.