There were 535 data breaches in 2011 involving 30.4 million records. At the time, this was the worst year for data breaches to date. But with continued technology advances and more data being created and collected today than ever before, last year saw 4,145 data breaches, involving over 22 billion records. That represents a 675% increase in the number of breaches over a 10-year period, along with an exponential rise in the total number of impacted records! There has never been a more critical time for business leaders to prioritize data protection, especially for small businesses.

Today’s organizations are experiencing high employee turnover and a hybrid and decentralized work environment, thereby making it more challenging to protect and secure information. According to , despite their best efforts, 90% of small business leaders (SBLs) admit it has never been harder to keep their company’s sensitive data and information safe. Remote work (69%), employee turnover (63%) and supply chain vulnerabilities (60%) were cited as the driving challenges small business owners face today. A report by Verizon reaffirms those challenges and fears, reporting that 82% of breaches this year involved the human element, including stolen credentials, phishing or misuse. Regular and mandatory employee training is key to helping SBLs keep their customer and employee information secure.

While the importance of data protection training for employees often goes unquestioned, the Data Protection Report found that The majority of SBLs worry that what they offer is still not enough. Even with their best efforts to train employees, they believe their employees still do not understand data security best practices (67%) or how to navigate a potential data breach (66%). However, when asked about the types of training provided to their employees, too many critical data and information protection trainings are only being offered as optional, if at all.

Data protection training should cover a wide variety of areas. In addition to regular policy and procedures, training could include data breach identification and management, record retention, bring-your-own-device policies, email and internet use policies and workstation safety, to name a few. Training could also be adjusted based on where an employee is within their career, within the organization and the type of environment in which they work.

Whether it’s a college student’s first job or an experienced individual joining the organization, onboarding is a critical time for employees to learn about the ins and outs of the business, including how to keep data and information safe. More in-depth training modules should be provided for new employees to help them understand their role in keeping data secure, how to identify common cyber-attacks — such as phishing, ransomware or other malware — and how to escalate the issue should a suspected breach event occur.

If employees work remotely or in a hybrid environment, specific training modules should be required to help reduce the risk of compromise or loss of confidential devices and documents while at home, at a coffee shop or during commutes. This includes verifying all files, laptops and internet connections are password-protected with a secure password, security settings and firewalls are activated and confidential documents are returned to the office for storage or secure destruction.

Most of all, all employees should undergo regular and mandatory training on the concepts and tactics for proper data protection, so that they are up to date on the latest information for both digital and physical risks and how they can protect themselves and the organization from data breaches. This is a great opportunity for testing modules to help employees properly identify phishing scams or ransomware attacks. Additionally, implementing a shred-it-all policy is another way to help protect workplace documents, by requiring that they are securely disposed of and destroyed when they are no longer needed. Professional document destruction companies can also provide locked containers for employees to dispose of confidential documents and pick up the documents for shredding on a regularly scheduled basis.

Employees are a key factor in an organization’s defense against a data breach. Providing these educational resources and tools can help prepare them for potential physical and digital security risks, along with equipping them on how to respond if a breach occurs. However, many SBLs need to revamp their security training approach to properly educate their employees. SBLs should find a trusted third-party partner to support their data protection and education efforts. The right partner can help SBLs with their data protection, management and compliance challenges by providing tools, services and employee training programs that meet organizational needs.

Data protection needs to be a foundational element of the business in order to build and retain strong relationships with customers, employees and partners. With thorough employee education, small businesses will be better equipped to protect data, which in turn can benefit a small business’s bottom line and brand reputation today and in the future.