
Ten tips to make your small business cyber secure

14 May 2021

As you look to grow your business, the threats from cyber criminals will likely increase.

More access points to your data and information, more complex IT systems and more staff to train all create more opportunities for fraudsters to infiltrate and disrupt your operations. And, with staff increasingly working remotely, it’s more important than ever to ensure everyone knows their role.

Here are ten simple steps you can take to help protect your business:

  1. Encourage strong passwords and use two-factor authentication

    Make sure your software and system passwords are easy to remember but hard to guess. Mixing letters, numbers, capitals and unusual characters – such as exclamation marks – will help. Remember to regularly change your passwords, too.

    Also consider implementing two-factor authentication (2FA) – also known as multi-factor authentication – across your network wherever possible. This adds extra security by requiring the user to present two different proofs of identity before they can gain access – usually a password plus a code that’s sent to the user’s phone.

  2. Keep your network up to date

    It’s easy to be tempted to dismiss prompts to update the software we use – thinking we’ll come back to it later, when we’re less busy.

    But keeping your network up to date – including anti-virus software – is vital, as the latest software versions will often contain security updates. So, while it might take a few minutes out of your busy day, it may also save you a whole lot of problems later on.

  3. Provide firewall security for your internet connection

    A firewall prevents outsiders from accessing data on your private network – and is your first line of defence. Make sure your operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home systems are also protected by a firewall.

  4. Use a Virtual Private Network (VPN)

    VPNs use a private network to hide your IP address and are particularly useful for businesses with a flexible and mobile workforce. They allow you to use the internet anywhere via a secure connection, which helps keep your company network secure and adds an extra layer of security.

  5. Encrypt your data

    Encrypting your data means that if cyber criminals are able to breach your system and access your data, they won’t be able to view it. Encryption software used to be limited to bigger businesses but is now widely available for small businesses. In fact, many devices come with encryption built-in – so you just need to make sure it’s switched on.

  6. Train your staff to be secure and spot attacks

    The vast majority of cyberattacks start with an employee clicking on a link in an email that looks like it’s from a legitimate source and with an attachment made to look like a PDF*.

    Ensure your staff are educated on the things to look out for and how to respond if they think they have been compromised – by giving them regular cyber training and updates. Cover off those cyber vulnerabilities where employees are most at risk. Remind them of the need to use strong passwords and never to share sensitive information such as bank details and personal or company information without checking with you or someone senior first.

    Practical workshops are the best way to do this – and the time taken to plan and run them is well worth the investment.

  7. Minimise the access points

    Educating your employees on how to limit the opportunities for attacks means also reminding them that the more devices they use, the more access points they create for cyber criminals.

    Remind them to use only authorised devices for work and discourage them from using personal laptops, phones and tablets – as these may not have the same levels of cyber protection in place.

  8. Make it easy for staff to report suspicious emails

    Encourage your employees to ask for help if they think they may have clicked something that causes a breach. If you have a culture where people think they will be punished, it will discourage them from reporting it and that could waste valuable time in taking steps to scan for malware and change passwords to limit the damage.

  9. Build a data security policy

    As your business grows, the amount of data you hold and the complexity of your IT systems will grow too, so it’s worth establishing a simple security policy to help you understand where the risks are. This should include:

    - a list of what data you have stored – and where;

    - how important different data is;

    - how data is accessed and moved around; and

    - who in the business has permission to access different data.

  10. Invest in the right insurance

    While all of these measures will help you protect your business against an attack, taking out the right insurance can help you offset any financial impact – and can ensure you’re in the best possible place to return to normal as quickly as possible.

We work with Hiscox, who offer a wide range of insurance policies to help protect your business – including cyber & data, professional indemnity and office cover.  

As an IoD member, you benefit from a 5% discount on their standard rates for the life of your policy.

0800 280 0354
