Every small business has big data. ‘Data becomes big when you can’t use Excel anymore’ says Gael Decoudu, ‘When you’re trying to merge several sources together and connect it all together to make sense, that’s when data becomes big.’

And if your business is growing, your information will grow with it. Protecting your data so it maintains integrity – both in house and in transit – has never been more important. Here’s why:

1. Data is your most valuable and vulnerable asset

Data is the lifeblood of every business. It’s your intellectual property. And like in any modern organisation, it’s spread across multiple accounts, platforms and devices. If you operate a ‘bring your own device’ system or work remotely, your data is even further decentralised.

This isn’t a problem if you understand the value in managing data properly. Many companies are using software to manage identities, and gain visibility and control of data. Not only can this keep data secure, but you can also turn it into actionable insights to drive growth and innovation.

That said, the majority of SMBs are still in the dark and running on mainly unstructured data – i.e. you don’t know where it is, what value it holds, and who has it. This is a common barrier to growth, but also leaves you vulnerable to hackers. You wouldn’t leave your money sprawled all over the place – think about your digital information the same.

2. SMEs are now a prime target for hackers  

As hackers get more intelligent and savvy, over half of all cyber-attacks now hitting SMBs. Or rather, any organisation that is unlikely to understand threats, and therefore unable to counteract attacks like:

• Ransomware. The recent Petya and WannaCry ‘zero-day’ attack (an attack that gets in through a hole in the system unknown to IT professionals) shows ransomware is real. But while unexpected, many organisations could have been protected if they’d updated their systems.
• Phishing scams. According to Symantec, the phishing rate for May 2017 was one of the highest on record. This was reflected in the recent GoogleDocs scam, which targeted people through email and clever copying.

While these attacks were highly sophisticated works of social engineering, they expose preventable issues with lack of management awareness and employee training around cybersecurity.

Growth is double-edged sword for businesses. Sometimes you’re so busy growth-hacking, you forget to look up for the risks approaching. But having an IT security policy making your employees aware will save you hurdles later.

3. Data breaches happen to good people

If hackers get hold of your information, or somebody in the company lets your data loose, you’ve got yourself a breach. Don’t underestimate how easy this is, and how destructive it can be. You need to be thinking about a breach as a ‘not if, but when’ scenario and be proactive.

Under the Data Protection Act currently (which will be replaced next year with the GDPR) you can be fined up to £500,000 for a data breach. But it doesn’t end there. You’ll lose the trust of your employees, customer and vendors if you’re shown to be negligent with security.

Because of the snowball effect following a data breach, the total cost to a UK business is actually more like £2.53 million, with a 6.5 percent increase in total cost over two years, according to IBM’s study, not to mention your reputation. If you’re risking a data breach, you’re risking everything.

4. Data Protection Act is shifting to GDPR

The worst-case scenario of a data breach is about to get scarier, too. On 25 May 2018, the GDPR will replace the data protection act and enforce new rules on the storage and management of data. And it’s a regulation, i.e. a binding contract between your business and the public rather than guidance, meaning you need to comply.

Despite this, IDC report that 22 percent of companies are not aware of the GDPR, and 52 percent of those that know about it say the impact is unclear. But SMEs should be aware. Here are the things you need to know:

• In the event of a data breach, you’ll have 72 hours to inform customers and authorities;
• Companies can be fined up to €20 million or 4 percent of global revenues; and
• Even if your business isn’t based in the EU, handling the data of any EU citizen means it will affect you.

If your data is growing or you’re planning to expand overseas, you need to take steps now towards being compliant. Otherwise it’s only going to be more difficult to handle when next year comes around.

Growth = more opportunities but bigger responsibility

When you’re a growing business, your data walks a tightrope. It can be a competitive advantage or it can hold you back and cause you big problems (often when you least expect it). As we all know, prevention is better than the cure.

The GDPR changes everything, and you’ll need to make sure you’re compliant with a strong policy, storage and access management. It may seem like a while off, but building data governance from the ground up means you can take manageable steps.

Every business is different and needs a holistic tailored approach to data protection. But if you start thinking about your data now, you’re one step closer to preparation and protection for the future.  If you need a hand preparing for GDPR let us know!