Need help? Call us on

0800 970 0077Monday to friday from 9am to 5:30pm

Cybersecurity: A Small Business Guide

Having proper cyber-security measures in place should be a key priority for businesses of any size.

There’s a common misconception among small business owners that only large corporations suffer from cyber-attacks. However, an increasing number of successful ransomware attempts and breaches in small business security proves the opposite.

Local companies are especially vulnerable to hacking because many of them lack basic cyber-security knowledge and do not have the security tools necessary to shield themselves from frequent cyber-attacks.

While studies show that around 50% of small businesses experience cyber-attacks, an overwhelming number of respondents don’t think their company is at risk. According to a report from the Better Business Bureau, around a third of small business owners haven’t heard of ransomware, and around a quarter don’t know what phishing is. Half have also never heard of point-of-sale malware, which is one of the most common threats in the hotel and catering industry.

Cyber criminals may attack small companies to get access to sensitive business information, such as the credit card details or national insurance numbers of customers and employees.

Needless to say, compromising the private data of your customers may have dire consequences, so taking care of cybersecurity for your business is essential. Here are the key steps you should take to secure your business data.

Start with training

People may be the largest security vulnerability in your company but, with proper training, they can easily become your first line of defence.

Get your staff invested in the safety of your business data and take their online behavior seriously. Train them to recognise and report phishing emails and stress the importance of not engaging in suspicious activities.

It is also extremely important to provide constant updates about recent security threats so that your staff can identify and avoid them.

Set strong passwords

Login and authentication data are the most common targets of attacks on small businesses, so creating strong passwords is a must. Get your employees to create a unique, complex password for each of their accounts and, of course, don’t forget to update your passwords as well.

Set up 2FA (two-factor authentication) whenever possible. 2FA will add an extra layer of security to your account, so even if a cybercriminal manages to discover your password, they still won’t be able to intercept any of your data.

To access an account secured with 2FA, your employees will need to prove their identity twice: with something they know (e.g., password) and something they have (e.g., another device or a code).

Get cyber liability insurance

Cyber liability insurance won’t protect your company from cyber-attacks, but it can help your business recover faster if you fall a victim to such a crime.

Breaches sure are expensive. On average, a data breach can cost the affected company more than £5 million due to the breached client records, business disruption, legal expenses, not to mention the negative impact on brand’s reputation.

Cyber insurance can help your company to offset expenses related to recovery after security breaches and similar events. Cyber liability insurance can cover the costs of incident management and investigation, data subject notification, lawsuits and extortion, business interruption, and data loss recovery.

Take only what you need

The more information about your customers you have, the more you have to lose if hit by a cyber-attack.

Before asking your customers to provide their personal or financial details, first decide if you really need this information. It’s fine to collect email addresses or names of your customers, but is it necessary to get their national insurance numbers, home addresses, or links to social media profiles? If yes, then be ready to properly secure the information you require and keep.