11 Steps to Protecting your Customers' Data

In 2024, 47% of microbusinesses and 58% of small businesses identified a cyber breach.^[1] Cybercriminals often see smaller businesses as easy targets because their cyber defence is usually less sophisticated than larger organisations. That’s why it’s important for small businesses to think about the measures you put in place to protect the data collected from your customers.

Cyber breaches can cost businesses a lot of money and affect the reputation you’ve worked hard to build. In this guide, Towergate Insurance will take you through 11 practical steps to keep your customers' data safe.

1) Only collect relevant data

Think about the information you take from your customers and why you need it. Make a list of exactly what need to know and where it will be stored.

2) Use strong passwords

Make sure to use strong, unique passwords for all your accounts and never write them down. Enable two-factor authentication wherever possible.

3) Regularly update your software

Update your software and systems regularly to ensure you have the most up to date security in place.

4) Train your team

Make sure your employees are fully trained in data protection. This can help them to understand how to spot potential security risks and handle customer information safely.

5) Record data safely

Whether you record data digitally or physically, keep customer records organised and secured. Use encryption for digital files and lock away physical documents when not in use.

6) Limit who accesses the data

Not everyone in your business needs access to all customer information. Create clear guidelines about who can see what and put measures in place to keep information secure. 

7) Spot phishing scams

Phishing attacks make up 84% of all cyberattacks on businesses in 2024.^[2] That’s why it’s important to be careful around emails, links, and attachments. Teach your team to spot the signs of phishing attempts and never share sensitive information through unsecured channels.

8) Have a clear privacy policy

Create a simple, easy-to-understand privacy policy. Tell your customers exactly how you use and protect their data. Be transparent about your data practices.

9) Use secure payment systems

When handling payment, always use certified secure payment providers. Ensure all financial transactions are encrypted and follow the latest security standards.

10) Regularly review your security measures

Cybercriminals are always finding new ways to target businesses. To stay ahead, regularly review and update your security measures.

11) Create a response plan

If your business is affected by a data breach, it helps to have a clear step-by-step plan in place to contain the breach, inform customers, and minimise damage.

Protect your business with cyber insurance

Cyber threats are constantly evolving, and small businesses are often the most vulnerable. Towergate Insurance specialises in helping businesses like yours navigate these complex risks.

Contact us today to discuss how cyber insurance can help your small business: 0330 162 9107

About the author

Marc Rocker, Head of Cyber has been with Towergate for over 15 years advising commercial clients of all sizes on their business insurance needs.

As Head of Cyber Insurance, Marc has responsibility for ensuring that the advice and products that Towergate provides meet clients’ needs. Marc is a member of the British Insurance Brokers’ Association (BIBA) cyber technical committee.

Sources

[1] gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024#chapter-4-prevalence-and-impact-of-breaches-or-attacks

[2] gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024#chapter-4-prevalence-and-impact-of-breaches-or-attacks

Consistent with our policy when giving comment and advice on a non-specific basis, we cannot assume legal responsibility for the accuracy of any particular statement. In the case of specific problems, we recommend that professional advice be sought.