Five malware protection tips every small business needs

Malware attacks are a growing threat to small businesses, and many companies don’t know where to start when it comes to protecting themselves.

 

This five-step guide gives you practical, low-cost ways to defend your business against malicious software.

Be aware

Cyber criminals frequently target small businesses using malicious software (malware). That’s often because small companies don’t know where to start when investing time and resources in protecting themselves.

Act now

There are low-cost, highly effective ways of safeguarding your business, such as installing anti-virus software, keeping all operating systems updated, setting up a firewall and limiting the use of plug-in devices.

Train everyone

Human error is one of the ways malware can enter a business, such as via phishing emails. Make sure your employees undergo cyber security training and receive regular reminders to stay alert.

Malware is the technical term for any kind of malicious software, or computer virus, that can cause damage to your business.

The most common types that criminals use to target small businesses are:

  • Ransomware
    Cripples operations and scrambles data. Attackers will demand payment to restore access, or to prevent them publishing or selling stolen data.
  • Spyware
    Spies on your digital activities to steal sensitive information.
  • Trojans
    Disguised as legitimate software, often used to create a ‘back door’ digital entry to your business systems.
  • Keyloggers
    Capture keystrokes to steal information such as logins and passwords.
  • Fileless malware
    Viruses that operate in a computer’s memory, making them harder to detect.


Because small businesses are often seen as easy targets, it’s important to ensure you’re as well protected as possible.

Fortunately, there are lots of low-cost, high-impact actions you can take right now to significantly reduce the risk of major damage to your business.

Malware is a growing threat to UK small businesses, capable of disrupting operations, compromising sensitive data and damaging reputations.
Tom Wain, Senior Cyber Security Ops Manager, BT Business

1. Install good anti-virus software

Ensure every digital device used by your business has effective anti-virus software installed. This should include mobile phones and any personal devices your employees use to access company systems (including email). 

If you have devices being used away from your office (which would generally be protected by some sort of firewall) and sensitive data is being accessed, or you have more than about 20 devices in use across your business, then you need anti-virus software. It should not only scan for known threats but also monitor your endpoints for any suspicious activity and support you in taking action.

Top tip: Make sure your anti-virus software is updated to the most recent version so it can detect the latest malware threats.

2. Keep all your software updated

Cyber criminals are always looking for vulnerabilities in the code that’s used to write computer programs or apps. These weak spots can enable them to embed a virus that may cause serious damage to your business. 

For that reason, developers regularly release software updates, which include ‘patches’ to improve security. That means the most recent version of any program or app is likely to be the safest. 

Therefore, ensure the software installed on business devices is always kept up to date. That should include operating systems (such as Microsoft Windows or macOS on computers, or Android or iOS on mobile devices) and browsers (such as Chrome, Firefox, Safari or Edge).

Top tip: Enable automatic updates, or if that’s not possible, make someone responsible for regularly checking all software is up to date.

3. Set up a firewall

Firewalls add a secure layer of protection around your business by only allowing permitted digital traffic in or out. That might include, for example, emails, downloads and access to websites.

They operate according to a predefined set of security rules and carefully inspect all the digital data leaving or entering your business to ensure it conforms to those.

For most small businesses, the firewall embedded in the BT Business Hub will offer an excellent level of security. But there will be a time when you need to consider enhanced firewall protection.

If your business is expanding, you are handling more sensitive data, or you’re expanding your workplace locations, you may need to consider a hardware firewall. This is a device that sits between your company network and your internet connection.

4. Control external devices

Be careful what you plug into your computers. USB sticks or other external devices can often carry malware. From there, it can spread onto your company computer and then infect the entire network.

To prevent this, make sure your anti-virus software will scan any device you plug in, to check it’s safe.

Top tip: Consider banning the use of external devices completely. It’s usually simpler and safer to use cloud-based platforms such as Google Drive or Microsoft SharePoint to transfer files, instead of relying on devices.

5. Train your employees

One of the easiest ways for cyber criminals to install malware on your business devices is via human error. For example, they might send phishing emails, which look like they have come from a legitimate source but contain a link to a malicious website or have an infected attachment.

Therefore, one of the most effective ways to keep your business safe from malware attacks is to train your employees in cyber security, monitor the training, understand where any weak knowledge lies and regularly remind them of the dangers.

Top tip: Training that includes simulations of real-world phishing attempts will help your team understand what to look out for.

Key takeaways

Protecting your company from malware attacks doesn’t need to be complicated.

  • Use anti-virus protection on all devices and keep it, and all other software, updated. 
  • Set up a firewall and ensure it’s configured to only allow permitted digital traffic in and out of your business. 
  • Make sure all your employees undergo cyber security training and give them regular reminders to keep them alert to the dangers.