Your data security checklist: Nine principles you cannot afford to overlook

Blogs 17 Jul 2023

A data breach can be devastating, both in terms of financial losses and reputational damages. Zempler Bank provides suggestions for small businesses on how to protect data so that you're not vulnerable to cyber-attacks.


Data security is a critical concern for small businesses, yet many neglect this important aspect of their operations. Cyber security threats are becoming increasingly sophisticated, and hackers are constantly finding new ways to breach networks and steal sensitive information.   

Upwards of 39% of UK businesses are reporting some kind of data breach or attack, with 49% of these saying this occurs at least monthly and 27% at least once a week.  And the consequences of a data breach can be devastating, both in terms of financial losses and damage to a company's reputation.

There are several types of cyber security breaches that can affect UK businesses, and the percentage of incidents they represent can vary depending on the source and timeframe of the data. However, some common types of cyber security breaches in the UK include:

Phishing attacks

Phishing is a type of cyber-attack that involves sending fraudulent emails or messages to trick recipients into divulging sensitive information or downloading malicious software. According to the 2021 Cyber Security Breaches Survey, phishing attacks were the most common type of cyber-attack experienced by UK businesses, representing 83% of all incidents.

Ransomware attacks

Ransomware is a type of malicious software that encrypts a victim's files and demands payment in exchange for the decryption key. According to a 2021 report by SonicWall, ransomware attacks on UK businesses increased by 195% in the first half of 2021 compared to the same period in 2020, and represented 15% of all global ransomware attacks.

Distributed Denial of Service (DDoS) attacks

DDoS attacks involve flooding a website or online service with traffic to make it unavailable to users. According to the 2021 Cyber Security Breaches Survey, 32% of UK businesses experienced a DDoS attack in the past 12 months.

Insider threats

Insider threats refer to employees or contractors who misuse their access privileges to steal data, compromise systems, or cause other types of harm to a business. According to the 2021 Insider Threat Report by Cybersecurity Insiders, 60% of UK organisations have experienced an insider attack in the past 12 months.

It's important to note that the percentages and types of cyber-attacks can vary based on the industry, size, and other factors of a business. Additionally, new types of attacks and tactics are constantly emerging, so businesses need to stay vigilant and proactive in their cyber security measures.

Below is a checklist of principles that all small businesses can follow.

1. Educate your employees

One of the biggest vulnerabilities that small businesses face is their employees. Many employees may not be aware of the risks associated with data security, or they may inadvertently expose the company to cyber threats through their actions. To mitigate this risk, it's important to educate your employees about the importance of data security and provide them with training on how to identify and avoid potential threats. This includes training on topics such as password management, phishing attacks, and safe browsing habits.

2. Use strong passwords

Passwords are often the first line of defence against cyber-attacks. Therefore, it's important to use strong passwords that are difficult to guess. Avoid using simple passwords such as "password" or "123456" and use a mix of upper- and lower-case letters, numbers, and symbols. Additionally, it's important to use different passwords for different accounts and to change passwords regularly.

3. Use encryption

Encryption is an essential tool for protecting sensitive data. Encryption involves converting data into a code that can only be accessed with a specific key. This means that even if a hacker manages to access the data, they will not be able to read it without the key. Encryption can be used for everything from emails to files stored on a computer.

4. Keep software up to date

Outdated software can be a major security risk. Hackers often target vulnerabilities in software to gain access to networks and steal data. It's important to keep software up to date with the latest security patches and updates. This includes everything from operating systems to web browsers.

5. Use firewalls

Firewalls are a key tool for preventing unauthorized access to a network. Firewalls can be either hardware or software-based and work by analysing incoming and outgoing network traffic to determine whether it is safe or not. By blocking potentially harmful traffic, firewalls can prevent cyber-attacks from reaching your network.

6. Limit access to sensitive data

Not all employees need access to all data. By limiting access to sensitive data only to those who need it, you can reduce the risk of a data breach. This includes implementing access controls, such as requiring passwords or two-factor authentication, and regularly reviewing access privileges to ensure that employees only have access to the data they need.

7. Backup your data

Backing up data is critical for ensuring that you can recover quickly in the event of a cyber-attack. Regularly backing up data to a secure off-site location can help ensure that your business can recover from a data breach or other disaster.

8. Monitor your network

Regularly monitoring your network can help you identify potential security threats before they become major problems. This includes monitoring network traffic, analysing logs, and setting up alerts for suspicious activity. By staying vigilant, you can detect and respond to potential threats.

9. Have a response plan

Despite all the measures you take, a data breach may still occur. Therefore, it's important to have a response plan in place. This includes having a team responsible for responding to a data breach, having a plan for notifying customers and stakeholders, and having a plan for restoring operations as quickly as possible.

In conclusion, as a small business owner you must take data security seriously to protect yourself from cyber threats. By educating employees, using strong passwords, encrypting data, keeping software up to date, using firewalls, limiting access to sensitive data, backing up data, and monitoring your network, you can avoid potentially disastrous consequences for your company, customers and employees.

This content was provided by 
Zempler Bank

Manage your money your way for less

With FSB Business Banking, you can choose a bank account that works for your small business, and get discounts and deals negotiated just for FSB members.

 Find out more


Please note, the content in this article has been provided by a third party and is not guidance from Zempler. Zempler Bank make no representations or warranties of any kind, explicit or implied with respect to the contents of this article. Without limitation, Zempler Bank specifically excludes and disclaims all express or implied warranties and conditions to the extent permitted by law, and any action taken using such content is strictly at the user’s risk.

Advanced Payment Solutions Limited (APS), trading as Zempler Bank, is registered in England and Wales at Cottons Centre, Cottons Lane, London SE1 2QG (No. 04947027). APS is authorised by the Prudential Regulation Authority (PRA) and regulated by the Financial Conduct Authority and the PRA under Firm Reference Number 671140.

Accounts are subject to approval and to APS eligibility criteria.