The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Cyberattacks don’t only happen to large corporations. Small businesses, groups and charities have to protect their IT systems, too.

Here are some practical steps you can take today to tighten up your data security.

1. Back up your data

Create a back-up copy of your data, and do this regularly. Store it somewhere other than your main workplace, if possible. That way, if there’s a break-in, fire or flood, you don’t lose everything.

Top tip: If you’re using an external device as your back-up, you’ll probably want to encrypt it. It’s also a good idea to store it in a lockable cupboard or room if you can.

2. Use strong passwords

Make sure you, your staff, volunteers, and anyone else involved in your operations uses strong passwords - including smartphones, laptops, tablets, email accounts and computers.

3. Take care when working remotely

If you, or people you work with do their work remotely, make sure the devices you use are as secure as the equipment you use in the office.

4. Be wary of suspicious emails

Educate yourself and those working for you on how to spot suspicious emails. Checking for obvious signs such as bad grammar, requests for you to act urgently, and requests for payment will help you avoid being caught out. If it looks suspicious, don’t trust it – and warn your staff not to either.

5. Install anti-virus and malware protection

And keep it up-to-date. The National Cyber Security Centre has some useful advice and guidance on cyber security. 

6. Don’t leave paperwork or laptops unattended

Data breaches can occur when staff and volunteers leave paperwork or laptops unattended. This could be in the boot of a car, on a train, or at home. Make sure you take steps to protect the personal data you hold by being vigilant and storing it securely away when it’s not in use.

7. Make sure your Wi-Fi is secure

Using public Wi-Fi or an insecure connection could put personal data at risk, so you should make sure you always use a secure connection when connecting to the internet.

8. Lock your screen when you’re away from your desk

And make sure your staff do the same. Taking steps to lock your screen when you leave your desk is a simple thing to do, but will prevent someone else from accessing your computer.

9. Keep on top of who has access to what

You have to restrict who has access to your IT systems and buildings – you can’t let just anyone in unaccompanied because this will leave your systems vulnerable. The fewer people with access, the better. Visitors should be clearly identifiable. Make sure you limit IT access to people who work for you, where possible. If someone leaves your company, or if they’re absent for long periods of time, you may want to consider suspending their access to your systems.

10. Don’t keep data for longer than you need it

Staying on top of what personal data you hold will save you time and resources. It will also help you with your data protection responsibilities. Only keep what you need, for as long as you need it.

11. Dispose of old IT equipment and records securely

Before you get rid of them, make sure no personal data is left on personal computers, laptops, smartphones or any other devices. You could consider using deletion software, or hire a specialist to wipe the data. This will ensure no one can access information they’re not supposed to see when you dispose of the equipment.