How do I protect my SME against a data breach?

Managing Director

Fav thing about the office

Good banter

As a child I wanted to be a ... when I grew up


Guilty Pleasure(s)

Strictly come dancing

Favourite Holiday


If I had a superpower it would be...

Mind Reading

Describe yourself in three words or less

Methodical, Energetic, Reliable

An interesting fact about me

Started “Work” life as an opera singer


Horse riding, fillet steak and a good curry

Favourite Band

…into Classical Music

Karaoke Jam

Desperado- The Eagles

What I do at Q2Q:

My role is to provide the overall direction and “eye on the compass” as to where we, as a team, are heading.

I’m still very much focused on the customer and will often get involved in customer solution discussions. As a techie at heart, I’m regularly seeking to understand industry developments and directional changes that may affect our customers, so we and our customers can remain on the front foot.

Background and Achievements

I started out in an I.T technical department of what was then British Rail, following which I joined a large construction company to re-organise their I.T infrastructure.

I then spent a couple of years as a business systems analyst at P&O Nedlloyd designing, developing and implementing systems within their Bulk and Tank Carrier companies.

In 1999 I was appointed as I.T Manager of SockShop and subsequently as of Head of I.T. at the Tulchan Group, comprising then of 300 stores. Due to a Year 2000 compliance issue, we were required to seek an alternative system, which we were able to more cost effectively write ourselves. This product subsequently became known as RAWHIDE and we later sold this product into a number of other businesses. At the time it was quite cutting edge as all the warehouse function was undertaken using handheld, wireless scanners, rather than the batch scanners that were dominant at the time.

In 2003 The Tulchan Group was acquired by Harris Watson. We were then asked to take responsibility for the I.T. of Viyella Ladies wear and in 2004 the demands of two MD’s and two FD’s (Tulchan Group + Viyella), resulted in the sensible decision to break out of the group and Q2Q was born. This then enabled us to also get involved with a number of other group companies (Harris Watson owned companies) as well as other non-group parties.  At one stage we were managing the I.T for almost 500 stores across a number of businesses.

Today Q2Q retains some of the group customers that we acquired along the way, as well as a substantial number of new and diverse customers in almost all industries including accounting, business development organisations, legal marketing, medical, retail and wholesale.

Hobbies and Interests

Horse riding, running (Jogging), motorbikes, reading any of the Detective Rebus stories.

Our MD Andrew recently shared some essential advice with BQ Live on how to safeguard your SME against a data breach. If you missed the article, you can read it in full below…

There’s been no shortage of high-profile data breaches hitting the headlines lately – Ticketmaster, Whitbread and the NHS have all faced media scrutiny as a result of sensitive customer, employee or patient information being compromised. And whilst the potential operational and reputational damage that a breach can cause is nothing new, the financial implications for breaking recent GDPR laws are far more severe than previous penalties.

Companies now face fines of up to £17m or 4% of global turnover if any personally identifiable information is lost or stolen, making data security one crucial matter firms cannot afford to overlook.

So, as a small business owner, what should you be doing to protect your SME against a breach?

Take stock

Firstly, understanding where your data is stored and what security measures are in place is key. You might have already undertaken an audit of personal data processing as part of your GDPR preparations, but this identification process should encompass all files on your systems – not just those containing employee, customer or other individuals’ information.

Looking at your current infrastructure is important here, particularly in terms of storage and back-ups. Are you still relying on physical servers and manual replication processes? If so, switching to an automated and encrypted cloud-based service would not only provide you with an improved level of security, but also scalable storage capacity and a far more efficient back-up procedure – essential for data recovery in the event of a breach.

Up your security

The sheer number of security options available can be overwhelming, but there are certain essentials that every SME should have in place. Using a firewall secures your internet connection and screens any incoming traffic before it’s allowed into your network, whilst anti-malware software helps guard against harmful viruses and ransomware. Strong passwords should be implemented – and two-factor authentication employed where possible.

Keeping your computer systems and software up-to-date is also crucial – malware is ever-evolving, so the longer you leave between installing updates, the higher the risk of a new-fangled virus slipping past your defences.

Arm your employees

Your people are both your greatest weapon and biggest weakness when it comes to data security, so ensure they’re clued up on deterring potential threats. That might mean enlisting a specialist training provider, or simply having effective cyber-security and BYOD (Bring Your Own Device) policies in place that everyone follows.

By equipping your team with the skills and knowledge they need to detect any threats and combat them accordingly, you’ll ensure they’re a help rather than a hole in your defences. Limiting user permissions – so employees only have access to the software, settings, online services and device connectivity functions that enable them to do their job – also reduces the possibility of data being compromised.

Be wary of access

Similarly, where external suppliers are appointed, you need to ensure they can be trusted to safeguard your data. A number of recent significant data breaches have occurred as a result of vulnerabilities within third-party software. For instance, the Whitbread breach that affected Costa Coffee and Premier Inn job applicants occurred within the PageUp online recruitment system, whilst the data of over 150,000 NHS patients was compromised thanks to a coding issue with the TPP-developed SystmOne application.

In such an event of data being leaked through an external supplier, although the fault may lie with them, it is ultimately you – the data controller – who is culpable for failing to protect that information. For new or existing providers, check out their privacy policies and contractual small-print, and don’t be afraid to ask about their security procedures.

Similarly, make sure you ask for help if you need it. Data-security is an ongoing battle that is only set to continue, so if you’re unsure about any aspect of safeguarding your SME – whether that’s with the implementation of effective security measures, or what you should be looking out for in third-party terms and conditions – it’s better to ask for assistance from a specialist and be safe, than neglect your data protection responsibilities and be sorry.

Need help with your data-security? We can help! Get in touch to find out more about our services.

How do I protect my SME against a data breach?