10 Essential Cyber Security Tips for Small Businesses


You’re probably already aware that cyber security is one of the most important ways to keep your business safe.

But how exactly can you practice good cyber security? And what are the tactics you can use to protect yourself, your data and your business?

In this guide, we’ll run through some of the essential cyber security tips — the non-negotiable ones that should be in place at all times and as a minimum.


Cyber security tips for your workplace

Cyber security is imperative for businesses of all sizes, but perhaps even more so for small and medium-sized businesses, which may not be able to recover from an attack.

Here are some top cyber security tips for businesses.

1. Use strong passwords

One of the easiest ways to protect your data and accounts is through the use of strong passwords. And yet we’re all guilty of using easy-to-guess passwords or the same one for various accounts.

Steer clear of easily memorable words, dates or repetitive passwords (123456 is the most hacked password). Instead, use a combination of letters, numbers and special characters to secure your account.

Tip: If you regularly forget your passwords for each account, use a password manager to keep them securely stored for future reference. A business-grade system, configured centrally, can also give you greater control over who can access what systems. Your IT support should be able to recommend one and set it up for you.

2. Back up your data

A cyber attack or security breach can result in the theft and loss of important data. To ensure you don’t lose it forever, you should regularly back up your documents and data to a separate location.

Tip: Cloud storage providers (Google Drive, Dropbox, SharePoint, etc.) allow you to go back to previous versions from a few days ago, but they are not true backups. Ensure you have a separate backup system that stores your data outside of your live environment.

3. Train your staff

The truth is that people are the weakest link in your cyber security defences. You should ensure that staff are given adequate training and follow the company’s protocols when creating passwords, working remotely, and saving and sharing data.

Training shouldn’t just be a one-time thing; instead, invest in a regular training schedule that gives staff up-to-date knowledge and encourages them to take cyber security seriously — both personally and professionally.

Tip: Automated systems can be put in place to regularly test and train staff and highlight serial “offenders”, so this process need not be a huge overhead to the business in terms of time and cost.

4. Run a regular security audit

A cyber security audit can help to identify gaps or weaknesses in your defences. Whether done in-house or by a third party, running a security audit and testing your cyber defence is good practice to highlight vulnerabilities, keep your assets safe and ensure your business conforms to statutory requirements.

5. Get accredited (Cyber Essentials)

The Cyber Essentials Certification is a Government-backed accreditation scheme that helps businesses to protect themselves from the threat of common cyber attacks. The accreditation provides a set of controls to allow businesses of any size to be better prepared for an attempted attack. Not only will this help protect your company, but sharing this accreditation with prospects, customers and suppliers can improve credibility and potentially help you gain more business.

6. Enable multi-factor authentication (MFA)

Multi-factor authentication is a system that uses two or more separate methods to validate a user's identity as they log in. Rather than just relying on a username and password combination, a unique secondary code is sent to a nominated device (often a mobile phone). 

That code must be entered before access to the account is granted. The principle is that only the true account holder will have access to that device and will receive the code.

Using MFA can potentially prevent your system being hacked even if the cyber-criminals gain access to your passwords.

7. Ensure antivirus software is up to date

Antivirus software is imperative for protecting your systems from malicious attacks. However, it’s not enough to just install the software; it must be regularly updated to the latest version to ensure you’re adequately protected.

8. Don’t open suspicious emails

Suspicious emails — often known as phishing emails — are designed to fool the recipient into handing over personal information or sensitive data. They can be hard to spot, but if something seems off, it should be reported immediately to an IT manager.

Look out for unexpected payment requests and attachments with spurious names, and keep an eye on sender email addresses: often they’re from a domain that’s similar to that of a well-known company, but not quite the same.

83% of cyber breaches on UK businesses in 2021 came in the form of phishing attacks, which shows just how important it is to be vigilant against these types of emails.

Tip: Speak to your IT support provider about using software to help identify these emails. Sophisticated systems are now available that use AI technology to “learn” what constitutes a potential phishing email and they are often better than humans at doing this.
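The sender-domain check described above can be partly automated. The following is an added example, not part of the original guide: it compares a sender's domain against a list of domains your business really deals with and flags near misses. The trusted domains, the character-swap table and the distance threshold are all constructed assumptions for illustration.

```python
# Added example: flag sender domains that imitate a trusted one.
# TRUSTED_DOMAINS is a constructed sample list, not real supplier data.
TRUSTED_DOMAINS = {"contoso.com", "example-bank.co.uk", "summit-payroll.example"}

# Digits commonly swapped in to imitate a letter (assumed, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def sender_domain(address):
    """Domain part of 'user@domain' or 'Name <user@domain>', lower-cased."""
    return address.rsplit("@", 1)[-1].strip().strip(">").lower()

def skeleton(domain):
    """Collapse visually confusable characters, e.g. 'rn' reads as 'm'."""
    return domain.translate(SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(address, trusted=TRUSTED_DOMAINS, max_distance=1):
    """Return (verdict, matched trusted domain or None)."""
    domain = sender_domain(address)
    # Exact match or a genuine subdomain of a trusted domain.
    for good in sorted(trusted):
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    # Same look after character swaps, or within a typo of a trusted domain.
    for good in sorted(trusted):
        if (skeleton(domain) == skeleton(good)
                or edit_distance(domain, good) <= max_distance):
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    for sender in ["accounts@contoso.com", "Billing <billing@cont0so.com>",
                   "hr@surnmit-payroll.example", "news@unrelated-shop.example"]:
        print(sender, "->", classify(sender))
```

A "lookalike" verdict is a reason to report the message for review, not proof of phishing; an "unknown" verdict says nothing about whether the sender is safe.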

9. Use secure file sharing

During the Covid-19 pandemic, remote working highlighted the importance of having secure file sharing processes and systems in place. If your staff are still emailing sensitive data and files to each other, there’s a chance that data could be intercepted and fall into the wrong hands.

Instead, implement a cloud-based platform like Microsoft SharePoint or Google Drive to securely store files. As well as ensuring that only authorised users can access relevant files, these types of systems also make it much easier for your teams to work collaboratively.

10. Consider having a cyber security service to monitor your systems

You can take many steps to protect your organisation and its data, but the truth is that life and business get in the way. It can be easy to drop the ball from a cyber security perspective, which is why many businesses choose to outsource this to a third-party provider.

A cyber security provider can help to keep your defences up-to-date and running smoothly, mitigating any threats and often preventing attacks from happening at all, leaving you to focus on running your business.

Take control of your cyber security

Whatever you’re doing at the moment, there’s always something more you can be doing to protect your business from cyber criminals and unwelcome breaches. Implement some of the measures outlined in this guide to better protect your data.

And if you’d like to learn more about the importance of cyber security, download our free ebook, Protect, React, Recover: A Guide to Cyber Resilience for SMEs:

Cyber Security ebook