Sometimes, when I start talking to an audience about data security, I can see people’s shoulders start relaxing. Almost always, these shoulders belong to the owners of small businesses: they’re convinced that for whatever reason, their business data isn’t valuable enough to interest hackers. “We’re so small we don’t even have proper file sharing,” one entrepreneur told me. “We just use Google Drive for everything.”

[Tweet “Did you know that Google Drive is one of the sites hackers target most frequently?”]

Did you know that Google Drive is one of the sites hackers target most frequently? The bad guys don’t know how valuable your data is or isn’t until they can see what they’ve taken, so you can’t really consider yourself too small for them to bother with. Remember too that you need to protect not only your data but your ability to access your data: hackers make money with ransomware attacks by locking up data files and barring you from them. This can lead to catastrophic business interruptions, so business owners pay the ransom.

Data security is important to every business owner. Here are three things you can do right now to improve your data security:

1) Make sure you know where your data is and who has access to it.

Is your business data stored on the hard drive of your computer? In the cloud? On a server? In multiple devices owned by your employees? For many business owners, the answer can be a combination of all of these. As a best practice, take control of your data: make sure you know where it is, and who has access to it. Limit access to an as-needed basis, and have processes in place to terminate data access to people who no longer work for you – including third party service providers, agencies, and the like.

2) Get real about personal device usage.

Your team members may be doing work from their own personal computers, tablets, and smartphones. What happens to your business if their tech gets stolen? At a minimum, insist on the following for any device that accesses your business data: lock screen codes, anti-theft apps that include the ability to wipe device data remotely, and app locks that prevent unrelated apps on your employees’ devices from leaking your business data through unintentional or planned access points.

3) Be better about backups

Every business needs onsite and remote backups in place, and backups should be occurring regularly. Backups are important in the event of a ransomware attack – you don’t need to pay to access data that’s being held ransom if you have your own files available to you via your backups – but they’re also critical to have in case of a natural disaster, extreme weather event, or other unforeseen business disruption.