Small Businesses Face Growing Challenges in Secure Data Storage

Best practice in data security and compliance for small and medium-sized enterprises (SMEs) is often seen as a headache and a "grudge purchase", but SMEs are facing the same threat landscape as larger organizations - but without their budgets.
As the number of data breaches increase, small businesses must evaluate the strength of their data security measures. Most companies understand they’re vulnerable to cyberattacks and are investing in data safety with a balance of strategy, staff vigilance, and technical best practices. Small business cybersecurity is especially important with employees working remotely due to COVID-19.
“The attacks begin with small businesses believing erroneously that it cannot happen to them. Although a hacker might not single out a small business, businesses can certainly become victims of hacks and other cyber-criminality,” said Charles Lee Mudd Jr., founder and principal of Mudd Law Firm, a firm specializing in Internet, startup, intellectual property, privacy, defamation, space, and entertainment law.
Businesses are increasingly aware that data safety is essential to success and longevity. The majority of companies (64%) say they are likely to devote more time, money, and resources to data security in 2020. Only 7% said they were unlikely to invest more in data safety in 2020. As of March 2020, more employees are working remotely due to the COVID-19 pandemic. Given this trend, data safety is more critical than ever.
“When employees move away from office systems that are maintained by at least an outsourced IT administrator, they become vulnerable to online threats,” said Naomi Hodges, cybersecurity advisor at privacy protection company Surfshark. Remote-work employees are also more likely to neglect antivirus updates, open malicious emails, and expose confidential data to third-parties via unsecured communications, Hodges said.
Nearly half of small businesses (46%) restrict employee access to data. Employees may expose sensitive data accidentally if they are careless or intentionally if they are angry. Limiting access reduces the channels through which sensitive information can potentially be breached. Restricting access to authorized users requires companies to segment sensitive data. Each authorized job role should have a unique password that corresponds to each set of sensitive information.
As data breaches become increasingly common and costly, practicing proactive data safety should be the new normal for small businesses. Nearly 60% of small businesses didn’t experience a data security challenge in 2019; yet, most say they are likely to devote more resources to keeping user data safe. These businesses may realize that even if they didn’t experience an incident, they must protect their data proactively. The consequences of even one data security incident can be severe. On the other hand, 15% of small businesses encountered issues with hacking, viruses, or data leaks in 2019.
Small businesses are devoting more resources to data safety in 2020, including limiting employee access to user data, encrypting data, requiring strong user passwords, and training employees on data safety and best practices. These measures are especially important with employees working remotely due to COVID-19. Enforcing data safety will require greater vigilance and technical best practices from small businesses going forward.