
10 cyber security tips to protect your business online


The latest UK Cyber Security Breaches Survey showed that in the last 12 months, 39 per cent of UK businesses identified a cyber attack. Within this group, 31 per cent of businesses estimate they were attacked at least once a week and 1 in 5 say they experienced a negative outcome as a result of an attack.

Clearly, no business is immune to cyber risk, irrespective of its size and industry. But every business can reduce some of the risk by taking simple steps to protect itself online.

The National Cyber Security Centre (NCSC) has outlined top tips for staying safe online:

  1. Make regular backups of your key systems and data. Keep copies securely off-site and check that they work.
  2. Apply any new security patches for your operating system, web browser and all other software on your devices to keep them secure. In many cases, you can set the software to auto-update itself or download the software patches manually.
  3. Install and regularly update anti-virus and anti-malware software on all your devices.
  4. Use strong passwords and change them regularly. Also, consider using two-factor authentication for added security.
  5. Use different passwords for different websites/services or consider using a reputable password management tool.
  6. Encrypt any sensitive data and do not send passwords or other sensitive data via email unencrypted.
  7. To protect against phishing or ransomware, be cautious of clicking on links sent to you within emails, social media websites/apps or unfamiliar websites.
  8. Use a firewall and check that your internet router/firewall has the latest firmware installed.
  9. If you operate a Wi-Fi network, make sure it is encrypted (eg WPA2) and regularly change the Wi-Fi password.
  10. Use a VPN (a virtual private network) if you are accessing your systems over public Wi-Fi or an insecure network.

Other common cyber security measures and best practices for cyber security in business will help you further increase the resilience of your business.

Actions to take in times of increased cyber threat

In response to recent malicious cyber incidents in and around Ukraine, the NCSC has updated its guidance on actions to take when the cyber threat is heightened.

The guidance urges organisations to go beyond the basic steps to reduce the risk of experiencing an attack. Businesses should not delay:

  • patching their systems
  • improving access controls and enabling multi-factor authentication
  • implementing an effective incident response plan
  • checking that backup and restore mechanisms are working
  • ensuring that online defences are working as expected

Businesses are also advised to keep up to date with the latest threat information. Register for the NCSC's Early Warning service to learn about malicious activity potentially affecting your network. If you do experience a cyber attack, you should report the incident to the NCSC's 24/7 Incident Management team.