10 important cybersecurity tips for your small business


According to a 2019 report by the Federation for Small Businesses (FSB), 20% of small businesses say they’ve been a victim of cybercrime. The report highlighted that a single cyber-attack is costing small businesses around £1,300.

It’s easy to get blasé about cyber security if you’ve yet to experience an attack. But you need to be prepared just in case. Not only can an attack disrupt your business, which is inconvenient, but you could also lose money, and important data and information could be stolen. It could also have a lasting impact on your reputation - customers might lose faith in your business.

The easiest way businesses can help themselves is by installing security software and updating it regularly. But there’s more you can be doing. We’re sharing ten cyber security tips to help protect your business against growing cyber threats.


3 common cyber security threats facing small businesses

Before you can fend off any cyber-attacks, you need to know what you’re up against. Three common security threats include phishing, malware and weak passwords.


Phishing

Phishing is a scam to get you to download a virus or software such as spyware or malware onto your electronic devices. The scammer usually creates a believable email or text message containing a link that, when clicked, downloads the virus to your device - this process is known as a drive-by download.


Malware

Where phishing is the process of getting information, malware is what they want you to download. Malware, short for malicious software, is software that, when downloaded, can cause harm to your business. It can be costly to repair computer devices infected with it, and if data is accessed, it can put your employees and customers at risk.

Weak passwords

Want some shocking password statistics? According to DataProt, 57% of people who have already been scammed in phishing attacks still haven’t changed their passwords, and 23 million account holders have the password ‘123456’. These stats are worrying, but the good news is if you’ve got weak passwords, it’s something you can rectify immediately.

So how can you reduce the risk of cyber-attacks?

1. Install antivirus software on all your devices

This is one of the easiest ways to protect your company devices from a cyber attack. But don’t just install antivirus software on your desktop computers; you need to make sure any device you use for work is protected.

You’re more than likely to be given a free trial or discounted periods for antivirus software when you purchase new equipment.

Consider buying a subscription that automatically renews, so you don’t have to remember to renew manually; otherwise, this could leave your devices exposed.

Here is some small business antivirus software we recommend:

2. Educate your staff on the dos and don’ts

According to this report, from July 2021, 94% of organisations have experienced insider data breaches in the last year. Human error is always likely to occur in business; we’re human, after all. But when it comes to poor protocol education, there’s no excuse.

Employees should receive training on how to spot phishing emails and how to report such threats internally. They also need to understand that they should not download third-party apps onto mobile devices supplied by the company unless the apps come from manufacturer-approved platforms, including Google Play Store and the App Store from Apple.

To make sure everyone’s on the same page, consider including staff awareness training in your onboarding process.

3. Keep all your IT equipment updated

When you receive the dreaded update notification on Windows, you might scream internally, but these updates are there to close security gaps and keep your computer protected against viruses. You should always take the time to update all your devices when prompted. When the updates are no longer available, you should consider replacing the product with the manufacturer’s latest edition.

4. Always keep your data backup separate from your main computer

Not only is it sensible to do this in case of fire and theft, but keeping your data backup separate from your main computer can reduce the risk of it becoming infected if ransomware makes its way into attached devices. Your backup should not be accessible to staff members, and you should consider storing your backup on a USB stick or on a separate device.

5. Opt for cloud storage

If you don’t want to faff around with USB sticks and separate devices, you could store your essential data in the cloud. When a service provider stores your data on their infrastructure, it’s usually at a higher level of security. It means you can store your data in a separate location.

Providers often allow you to have a certain amount of space for free, and then if or when you need it, you can pay to increase that storage space. For the security you get, it’s a minimal amount to pay to protect your business.

Here is a list of small business cloud storage providers you can check out:

6. Monitor use of USB drives and memory cards

To prevent infected USB sticks from being plugged into any computer, you’ll want to grant permission to approved users only. You can physically block access to USB ports for most of your employees and only allow approved USB sticks and memory cards to be used in your company. It only takes one infected stick to bring down your whole business.

7. Change your passwords regularly

Not only should you always use password protection, but you should also change your passwords regularly - it's a simple yet effective way to protect your company data. Some companies enforce password changes every 30, 60 or 90 days. How often you enforce password changes might depend on how often users are accessing the account or how sensitive the data is in a particular platform or software.

51% of people use the same passwords for both work and personal accounts, so you might want to implement this password rule sooner rather than later.

8. Switch your firewall on

Put simply, firewalls stop attackers from accessing sensitive internal data such as customer databases and employee information - and you don’t want this information getting into the wrong hands. When your firewall is switched on all the time, it can detect threats and block them before they can do any harm.

Firewalls can stop hackers from accessing your data, stop keyloggers (software that records all keystrokes made by a user), block trojan attacks (small pieces of code attached to your files gathering intelligence about your server) and more.

9. Track your devices

If you have employees who have work smartphones or travelling salespeople armed with tablet devices, all it takes is for someone to leave their device on a bus or have it stolen from their home and company data could be ripe for the picking.

In these instances, you’ll want to be able to track the device, remotely lock it and erase stored data. Make sure all remote devices are equipped with these tools to protect them should the worst happen.

10. Use two-factor authentication (2FA) when necessary

For your extra important accounts, you should always use two-factor authentication. This double authentication process makes it harder for criminals to get into your devices - you’re basically layering up the protection of these accounts. It’s relatively straightforward to set up - not a lot of effort for an extra layer of protection.

More resources

Consider cyber insurance as part of your SME business insurance policy. Hiscox provides cyber and data risks insurance to help support businesses if they experience a data breach or malicious cyber hack.

The government-backed Cyber Essentials certification will help protect your small business from a range of common cyber attacks.

About the author

Written by Simon Moorcroft | May 07, 2024

Money Writer, Director and Co-Founder

Simon has over twelve years of experience in consumer and business finance. Simon is a Co-Founder and Director at Capalona and heads up the technology team, which utilises the latest technology to assist our customers in finding fast finance.

Updated: May 07, 2024
Published: November 15, 2021
