Having information about clients and customers is important, but ensuring that private information remains secure might be just as vital to the health of a small business. Many small businesses are not well prepared for the sophisticated tricks that hackers use to steal data from their information systems or to deal with the fallout from such an occurrence. In reality, small businesses can offer a more attractive target for hackers than larger companies because they don’t invest as many resources in cyber security, she said. That can be especially true for small businesses that are third-party providers for larger companies. It is also important for small businesses and their employees to be mindful of what kind of sensitive information they have that a hacker might want. Small businesses don’t have to spend their whole IT budget on cyber security .Providing better data security doesn’t have to break the budget. A small business can have “the basics in terms of security” for very little cost a month. Here are some suggestions for securing your systems and keeping the information of customers and clients private:

1. If you collect it, protect it. Follow reasonable security measures to ensure that customers’ and employees’ personal information is protected from inappropriate and unauthorized access.

2. Have a strong privacy policy. Customers need to know that you are protecting their information. Make sure you have a policy they can refer to explaining how you are keeping personal information safe. Make sure you are straightforward with customers about the consumer data you collect and what you do with it. Being honest with them will help you build consumer trust and show you value their data and are working to protect it.

3. Know what you are protecting. Be aware of all the personal information you have, where you are storing it, how you are using it and who has access to it. Understand the kind of assets you have and why a hacker might pursue them. You cannot protect what you don’t know about.

4. Don’t underestimate the threat. In one survey conducted by the National Cyber Security Alliance in the U.S, 85 percent of small business owners believe larger enterprises are more targeted than they are. In reality, there have been cases where small businesses have lost hundreds of thousands of dollars to cybercriminals.

5. Don’t collect what you don’t need. The more valuable information you have, the bigger a target you might be. Avoid using I.D numbers or other personal information for customer identification. Opt instead for log in identification and passwords. More layers of identification help keep attackers from being able to simulate users. Consider deleting personal information that you don’t really need.

6. Keep a clean machine. Having the latest security software, web browser and operating system are the best defences against viruses, malware and other online threats. Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.

7. Use multiple layers of security. Spam filters will weed out malware and phishing scams — many of which are aimed directly at businesses — keeping your email safer and easier to use. Employ a firewall to keep criminals out and sensitive data in.

8. Scan all new devices. Be sure to scan all USB and other devices before they are attached to your network.

9. Educate employees. Employees are often the handlers of customer data. They therefore need to be kept up-to-date on how to protect that information to make sure it does not accidentally land in the wrong hands. They should be educated about the newest fraud schemes and urged to employ best practices such as not responding to or opening attachments or clicking suspicious links in unsolicited email messages.

10. Protect against mobile device risks. Smartphones, tablets and laptops can add to employee flexibility and productivity, but they can also be repositories of sensitive information, which, if lost, can harm your customers and your business. Impress upon employees and other partners the importance of keeping these devices secure from loss or theft. At the same time, stress that not reporting such an incident, if it happens, is worse.