A GDPR or cyber security breach is more likely to happen at home because of a lack of adequate protection. Micro and small business owners often cut down their operating costs by having a home office. A cyber attack and the resulting data and GDPR breach can cost them between £2,071 and £14,977.
Because of the poor practices of many SMEs and micro-businesses, as outlined in AON’s Cyber Survey, home-based businesses often don’t even report a GDPR breach. The survey questioned 1,000 micro, small, and medium business owners about their GDPR practices, only to find that the majority were largely confused about even the basic concepts almost a year after GDPR's implementation.
Most Common Risk Areas
The most common risk areas of GDPR breach at home include the following:
- An outdated OS – The newest OS updates and patches close security holes discovered in earlier versions. By postponing updates, you place the sensitive data you store on your devices at risk.
- Outdated antivirus definitions – Without the newest definitions, your AV software might not catch the latest viruses and malware.
- No encryption – Encryption software makes personal and sensitive data unreadable to the attacker in case there is a data breach.
- No data masking – If you’re testing new software, never use actual data. Data masking replaces personal data and numbers with different characters that can still be used for testing, but keeps the original data safe.
- Lack of network security – Without the right encryption and network security protocols, your home network can be breached easily.
- No VPN – A VPN keeps your IP address hidden and ensures nobody can clone it for malicious purposes.
Lack of Data Security Practices
- No data security audits on external service suppliers – Ensure all software and product suppliers you use are GDPR-compliant too, especially if you use them to store and process personal and sensitive data.
- Using third-party software to discuss client details (for instance, WhatsApp groups)
- Using visitor books where others have access to personal information of other visitors
- Employee records that are accessible by everyone in the company
- Sending emails or data to the wrong recipient (and without encrypting it)
- Losing hardware where you store personal data
- Using personal devices for business dealings
By ensuring your security is airtight and you handle your employee and customer data well, you minimise the risk of a data breach and the resulting business losses. On top of that, when you ensure your home office is GDPR-compliant, you also strengthen your customers’ trust in your business.