Cyber security essentials: a guide to protecting your business

Nearly half of small businesses experienced a cyber attack or security breach in the past year. Phishing, malware and ransomware are the most common types of cyber attack your business might face. Learn the essentials you need to keep your business safe with guidance from our experts.

 

Cyber attacks on large companies might make headlines, but don’t let that fool you into thinking that your business is safe because it’s smaller.


All businesses are vulnerable

Don’t fall into the trap of thinking your business is too small to be a target. Nearly half of small businesses experienced a cyber attack or security breach in the past year. Phishing, malware and ransomware are the most common types of cyber attack your business might face.

Security can be simple

Security monitoring and protecting your business against cyber threats doesn’t have to be complicated. Use strong, unique passwords; back up your data; install a good anti-virus application; and make sure software is up to date.

Humans are your first line of defence

The awareness of you and your employees is an important part of keeping your business secure. It only takes one absent-minded click on the wrong link to cause lasting damage. Appropriate training can make sure everyone knows what to do.


Small businesses can be a prime target for cyber criminals, often because they unknowingly don’t have strong enough IT security systems in place. 

According to Government research, 50% of UK small businesses reported a cyber attack or security breach in the past year, with the most disruptive incidents costing an average of £3,040.

A cyber attack can take time to recover from and cause lasting damage to your business’s reputation, especially if customer information has been leaked. 

Taking cyber security seriously is essential, even for smaller companies. But the good news is that basic steps can give you solid protection without great expense.

The most common threats your business is likely to face are:

Phishing

The most frequent type of cyber attack. It involves tricking an employee into revealing sensitive information, such as passwords or bank details, often via fake emails or convincing phone calls.

Malware

Malicious software that’s often used to steal sensitive information or cause your computer to malfunction. It’s usually hidden in email attachments or comes from accessing insecure websites. 

Ransomware

A specific type of malware that ‘encrypts’ a business’s files and data to prevent you from being able to get into them. The attackers then demand a ransom to restore access.


Step 1: Secure the foundations

Make sure the tech you’re using is as secure as possible, which can be more straightforward than you might think. The most important things are: 

· Software updates 

Check you’re using the most recent versions of your software and operating system (e.g. Windows or macOS). To stay ahead of cyber criminals, software companies regularly release new versions with security patches. Check for updates regularly and install them as soon as they’re available.

· Anti-virus software 

Make sure all your devices – including mobile phones – have up-to-date anti-virus software installed and activated. 

· Wi-Fi security 

Secure your Wi-Fi network with a strong password. Understand who can use your Wi-Fi and what it gives them access to, so it’s harder for outsiders to attack. Although the risk is small, encourage your employees to be aware of when they use insecure Wi-Fi networks (like public Wi-Fi in a café) to access company systems.

Step 2: Protect your data

To keep your business safe, your important data must be secure. That’s the information you need to run your business and information that, in the wrong hands, would be damaging to you or your customers.

There are three important elements to this:

· Passwords 

Make them strong, long and unique, and make sure to use different passwords for different websites, devices and services. A password made up of three random words often works well and is relatively easy to remember. If you can, use a multi-factor authentication system for added protection of important files and systems. 

· Back-ups 

Regularly back up your essential data. That way, if you do suffer a cyber attack, you can still access what you need. Using external hard drives or secure cloud storage can help here. Make sure you have an adequate cloud data security program suitable for a small business. 

· User access control 

Only give employees access to files they need to do their jobs. The more people who have access to confidential information, the greater the risk of a security breach. And be sure to remove unused accounts from business devices and software, too.

Top tip: Keep this simple – a spreadsheet to list assets and track who has access levels is perfectly fine.
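
The spreadsheet from the tip above can also be checked automatically. The following is an added example, not part of the original guide: it reads an access register exported as CSV and flags access that is not needed, accounts that are unused, and accounts belonging to people who have left. The column names, the 90-day threshold and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample register; the column names are assumptions, not from the guide.
SAMPLE_REGISTER = """asset,user,access_level,needed_for_role,last_used,employed
Customer database,alice,admin,yes,2025-08-28,yes
Customer database,bob,read,no,2025-08-30,yes
Payroll folder,carol,write,yes,2025-03-02,yes
Payroll folder,dave,write,yes,2025-08-15,no
Shared mailbox,erin,read,yes,,yes
"""

UNUSED_AFTER_DAYS = 90  # assumed threshold for treating an account as unused


def audit_register(csv_text, today):
    """Return a list of (asset, user, reason) entries that need review."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        asset, user = row["asset"].strip(), row["user"].strip()
        # Access still held by someone who has left should be removed first.
        if row["employed"].strip().lower() != "yes":
            findings.append((asset, user, "account belongs to a leaver"))
            continue
        # Access the person does not need to do their job.
        if row["needed_for_role"].strip().lower() != "yes":
            findings.append((asset, user, "access not needed for role"))
        # Accounts never used, or not used recently, are candidates for removal.
        last_used = row["last_used"].strip()
        if not last_used:
            findings.append((asset, user, "never used"))
        elif (today - date.fromisoformat(last_used)).days > UNUSED_AFTER_DAYS:
            findings.append(
                (asset, user, f"unused for over {UNUSED_AFTER_DAYS} days"))
    return findings


if __name__ == "__main__":
    for asset, user, reason in audit_register(SAMPLE_REGISTER, date(2025, 9, 3)):
        print(f"{asset}: {user} - {reason}")
```
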

Step 3: Train your team to spot and stop threats

Often, the weakest link in your business’s cyber security is human error. It may only take one absent-minded click on an authentic-looking email to allow a scammer to access your company’s systems. 

That’s why it’s important to be vigilant and always think twice before responding to an email, message or call from someone you don’t recognise. The criminals only need to get lucky once.  

Remind your team that they’re the first line of defence against a potential cyber attack, and invest in the latest security training from a trusted source to build your human firewall.

Key takeaways

If you only action three things, you should:

· Keep software up to date. 

It’s a routine way to make sure you’re using the latest protection. 

· Have good password hygiene. 

Make sure passwords are strong and are not repeated across multiple accounts or written down somewhere. Use multi-factor authentication for extra protection. 

· Train your employees on security fundamentals.

Ensure they understand the risks and do their bit to keep your company protected, and consider cyber security training.

Remember, cyber security is just as important for small businesses as it is for large corporations.

It doesn’t have to be difficult, expensive or time-consuming to find the safest ways of working and the best security systems for your small business – so get started now.

Security Awareness Training from BT


With Security Awareness Training from BT, you can create a culture of cyber security awareness and keep your business safe with a variety of cyber security trainings, phishing simulations and interactive quizzes. Make your employees your first line of defence.
