Guide

Protect your business online

Common cyber security measures

Businesses should use different cyber security measures to keep their business data, their cashflow and their customers safe online. These measures should aim to prevent risks from various sources, including:

  • internet-borne attacks, eg spyware or malware
  • user-generated weaknesses, eg easily guessed passwords or misplaced information
  • inherent system or software flaws and vulnerabilities
  • subverted system or software features

Essential cyber security measures

The following processes and tools are fairly easy to introduce, even for the smallest businesses. Combined, these will give you a basic level of security against the most common IT risks.

Use strong passwords
Strong passwords are vital to good online security. Make your password difficult to guess by:

  • using a combination of capital and lower-case letters, numbers and symbols
  • making it between eight and 12 characters long
  • avoiding the use of personal data
  • changing it regularly
  • never using it for multiple accounts
  • using two-factor authentication

See how to protect against password-guessing attacks.

Create a password policy for your business to help staff follow security best practice. Look into different technology solutions to enforce your password policy, eg scheduled password reset. Find different password strategies that could boost your business security.

Control access
Make sure that individuals can only access data and services for which they are authorised. For example, you can:

  • control physical access to premises and computer networks
  • prevent access by unauthorised users
  • limit access to data or services through application controls
  • restrict what can be copied from the system and saved to storage devices
  • limit sending and receiving of certain types of email attachments

Modern operating systems and network software will help you to achieve most of this, but you will need to manage the registration of users and user authentication systems - eg passwords. Read more about identity and access management controls.

Put up a firewall
Firewalls are effectively gatekeepers between your computer and the internet, and one of the major barriers to prevent the spread of cyber threats such as viruses and malware. Make sure that you set up your firewall devices properly or they may not be fully effective. Read more about firewalls in server security.

Use security software
You should use security software, such as anti-spyware, anti-malware and anti-virus programs, to help detect and remove malicious code if it slips into your network. Discover how to detect spam, malware and virus attacks.

Update programs and systems regularly
Updates contain vital security upgrades that help protect against known bugs and vulnerabilities. Make sure that you keep your software and devices up-to-date to avoid falling prey to criminals.

Monitor for intrusion
You can use intrusion detectors to monitor your systems and unusual network activity. If a detection system suspects a potential security breach, it can generate an alarm, such as an email alert, based upon the type of activity it has identified. See more on cyber security breach detection.

Raise awareness
Your employees have a responsibility to help keep your business secure. Make sure that they understand their role and any relevant policies and procedures, and provide them with regular cyber security awareness and training. Read about insider threats in cyber security.

You should also follow best practices defined in the government's Cyber Essentials scheme.