Essentials explained
Cyber security essentials: a guide to protecting your business
Nearly half of small businesses experienced a cyber attack or security breach in the past year. Phishing, malware and ransomware are the most common types of cyber attack your business might face. Learn the essentials you need to keep your business safe with guidance from our experts.
Cyber attacks on large companies might make headlines, but don’t let that fool you into thinking that your business is safe because it’s smaller.
September 03, 2025
5 minutes
Essentials explained
Cyber security essentials: a guide to protecting your business
Nearly half of small businesses experienced a cyber attack or security breach in the past year. Phishing, malware and ransomware are the most common types of cyber attack your business might face. Learn the essentials you need to keep your business safe with guidance from our experts.
Cyber attacks on large companies might make headlines, but don’t let that fool you into thinking that your business is safe because it’s smaller.
September 03, 2025
5 minutes
Don’t fall into the trap of thinking your business is too small to be a target. Nearly half of small businesses experienced a cyber attack or security breach in the past year. Phishing, malware and ransomware are the most common types of cyber attack your business might face.
Security monitoring and protecting your business against cyber threats doesn’t have to be complicated. Use strong, unique passwords; back up your data; install a good anti-virus application; and make sure software is up to date.
The awareness of you and your employees is an important part of keeping your business secure. It only takes one absent-minded click on the wrong link to cause lasting damage. Appropriate training can make sure everyone knows what to do.
Small businesses can be a prime target for cyber criminals, often because they unknowingly don’t have strong enough IT security systems in place.
According to Government research, 50% of UK small businesses reported a cyber attack or security breach in the past year, with the most disruptive incidents costing an average of £3,040.
A cyber attack can take time to recover from and cause lasting damage to your business’s reputation, especially if customer information has been leaked.
Taking cyber security seriously is essential, even for smaller companies. But the good news is that basic steps can give you solid protection without great expense.
The most common threats your business is likely to face are:
Phishing
The most frequent type of cyber attack. It involves tricking an employee into revealing sensitive information, such as passwords or bank details, often via fake emails or convincing phone calls.
Malware
Malicious software that’s often used to steal sensitive information or cause your computer to malfunction. It’s usually hidden in email attachments or comes from accessing insecure websites.
Ransomware
A specific type of malware that ‘encrypts’ a business’s files and data to prevent you from being able to get into them. The attackers then demand a ransom to restore access.
Step 1: Secure the foundations
Make sure the tech you’re using is as secure as possible, which can be more straightforward than you might think. The most important things are:
· Software updates
Check you’re using the most recent versions of your software and operating system (i.e. Windows or MacOS). To stay ahead of cyber criminals, software companies regularly release new versions with security patches. Check for updates regularly and install them as soon as they’re available.
· Anti-virus software
Make sure all your devices – including mobile phones – have up-to-date anti-virus software installed and activated.
· Wi-Fi security
Secure your Wi-Fi network with a strong password. Understand who can use your Wi-Fi and what it gives them access to, so it’s harder for outsiders to attack. Although the risk is small, encourage your employees to be aware of when they use insecure Wi-Fi networks (like public Wi-Fi in a café) to access company systems.
Step 2: Protect your data
To keep your business safe, your important data must be secure. That’s the information you need to run your business and information that, in the wrong hands, would be damaging to you or your customers.
There are three important elements to this:
· Passwords
Make them strong, long and unique, and make sure to use different passwords for different websites, devices and services. A password made up of three random words often works well and is relatively easy to remember. If you can, use a multi-factor authentication system for added protection of important files and systems.
· Back-ups
Regularly back up your essential data. That way, if you do suffer a cyber attack, you can still access what you need. Using external hard drives or secure cloud storage can help here. Make sure you have an adequate cloud data security program suitable for a small business.
· User access control
Only give employees access to files they need to do their jobs. The more people who have access to confidential information, the greater the risk of a security breach. And be sure to remove unused accounts from business devices and software, too.
Top tip: Keep this simple – a spreadsheet to list assets and track who has access levels is perfectly fine.
Step 3: Train your team to spot and stop threats
Often, the weakest link in your business’s cyber security is human error. It may only take one absent-minded click on an authentic-looking email to allow a scammer to access your company’s systems.
That’s why it’s important to be vigilant and always think twice before responding to an email, message or call from someone you don’t recognise. The criminals only need to get lucky once.
Remind your team that they’re the first line of defence against a potential cyber attack, and invest in the latest security training from a trusted source to build your human firewall.
Key takeaways
If you only action three things, you should:
· Keep software up to date.
It’s a routine way to make sure you’re using the latest protection.
· Have good password hygiene.
Make sure passwords are strong and are not repeated across multiple accounts or written down somewhere. Use multi-factor authentication for extra protection.
· Train your employees on security fundamentals.
Ensure they understand the risks and do their bit to keep your company protected, and consider cyber security training.
Remember, cyber security is just as important for small businesses as it is for large corporations.
It doesn’t have to be difficult, expensive or time-consuming to find the safest ways of working and the best security systems for your small business– so get started now.
Security Awareness Training
With Security Awareness Training from BT, you can create a culture of cyber security awareness and keep your business safe with a variety of cyber security trainings, phishing simulations and interactive quizzes. Make your employees your first line of defence.
