Protect your business online

Common cyber security measures


Businesses should use different cyber security measures to keep their business data, their cashflow and their customers safe online. These measures should aim to prevent risks from various sources, including:

  • internet-borne attacks, eg spyware or malware
  • user-generated weaknesses, eg easily guessed passwords or misplaced information
  • inherent system or software flaws and vulnerabilities
  • subversion of system or software features

Essential cyber security measures

The following processes and tools are fairly easy to introduce and, combined, they will give you a basic level of security against the most common IT risks.

Use strong passwords

Strong passwords are vital to good online security. Make your password difficult to guess by:

  • using a combination of capital and lower-case letters, numbers and symbols
  • making it between eight and 12 characters long
  • avoiding the use of personal data
  • changing it regularly
  • never using it for multiple accounts
  • using two-factor authentication

Create a password policy for your business to help staff follow security best practices. Look into different technology solutions to enforce your password policy, eg scheduled password reset. For detailed guidance on passwords, read the National Cyber Security Centre's (NCSC) guide on using passwords to protect your data and consider different password strategies that could boost your business security.

Control access to data and systems

Make sure that individuals can only access data and services for which they are authorised. For example, you can:

  • control physical access to premises and computer networks
  • restrict access by unauthorised users
  • limit access to data or services through application controls
  • restrict what can be copied from the system and saved to storage devices
  • limit sending and receiving of certain types of email attachments

Modern operating systems and network software will help you to achieve most of this, but you will need to manage the registration of users and user authentication systems - eg passwords. For more information, read NCSC's introduction to identity and access management controls.

Put up a firewall

Firewalls are effectively gatekeepers between your computer and the internet. They act as a barrier to prevent the spread of cyber threats such as viruses and malware. It's important to set up firewall devices properly and check them regularly to ensure their software/firmware is up to date, or they may not be fully effective. Read more about firewalls in server security.

Use security software

You should use security software, such as anti-spyware, anti-malware and anti-virus programs, to help detect and remove malicious code if it slips into your network. See our detailed guidance to help you detect spam, malware and virus attacks.

Update programs and systems regularly

Updates contain vital security upgrades that help protect against known bugs and vulnerabilities. Make sure that you keep your software and devices up to date to avoid falling prey to criminals.

Monitor for intrusion

You can use intrusion detectors to monitor systems and detect unusual network activity. If a detection system suspects a potential security breach, it can generate an alarm, such as an email alert, based on the type of activity it has identified. See more on cyber security breach detection.

Raise awareness

Your employees have a responsibility to help keep your business secure. Make sure that they understand their role and any relevant policies and procedures, and provide them with regular cyber security awareness and training. Read about insider threats in cyber security.

You should also follow best practices defined in the government's Cyber Essentials scheme.

You can use the National Cyber Security Centre's (NCSC) free Check your cyber security service to perform a range of simple online checks to identify common vulnerabilities in your public-facing IT.

The NCSC also offer a free Cyber Action Plan. By answering a few simple questions, you can get a free personalised action plan that lists what you or your organisation can do right now to protect against cyber attack.