Five simple steps to protect your business from digital threats

Cyber threats are real, but protecting your business doesn’t have to be complicated. Our guide gives you five quick, effective steps to fight digital threats, even if you don’t have a dedicated IT team. Start small, stay safe, and build confidence in your digital defences.

Train your team

Make sure everyone in your business knows what cyber security threats to look out for and how to avoid them. Using strong passwords and multi-factor authentication are straightforward but powerful ways to protect your company.

Update and back up

You can improve your business’s cyber security simply by updating your computer and mobile phone software and operating systems regularly. The latest versions feature the newest security measures. Always back up important data so you can access it if you’re locked out by ransomware.

Need to know

Limit access to sensitive information in your business. The fewer people have access to it, the lower the risk of it being compromised. Have policies about data access for specific job functions and review them regularly.

Every organisation, whatever its size, needs security to stay protected from all types of cyber attacks. 

If you run a small business and don’t have a specialist IT team, keeping everything secure might feel overwhelming. But it’s possible to have a big impact just by acting on these quick cyber security tips on a regular basis, and you don’t need to be an IT expert or spend a lot of your budget. 

Your main aim is to make yourself a less attractive target to cyber criminals.

1. Train your team

Human error is the number one cause of data breaches, but empowered employees can become your first line of defence. Providing regular, basic cyber security training can build your defences against most forms of cyber attack.
 
Everyone should know how to:
  • Spot a phishing attack (or social engineering), which is when a scammer tricks you into revealing important information.
  • Recognise a suspicious online link or email attachment.
  • Use secure passwords.


Take action today:

  • Explore and adopt an industry-recognised cyber security awareness training programme that covers basic cyber hygiene and fraud prevention. Also consider scenario-based learning tailored to small business environments.

 

2. Use strong passwords and multi-factor authentication

Good password hygiene is essential, and it’s one of the easiest things you can do to improve cyber security in your business. Ensure that your employees are using best practices such as:

  • Ensure passwords are at least eight characters long and use at least one capital letter, one number and one special character (such as !, * or @). 
  • Make them impossible to guess. A good technique is to look around the room you are in and pick 3 unrelated ‘items’ as your main password. 
  • Don’t reuse them. If a criminal gets hold of one, they’ll attempt to use it to access your other accounts using automated technology. 
  • Never reveal your password to anyone, no matter how legitimate they may seem.


Multi-factor authentication (MFA) is like putting an extra lock on your door. This is where you get a code sent to your phone or email, adding an extra layer of security even if someone has guessed or stolen your password.

Take action today:

  • Use a certified password manager to generate a unique and secure password for every account and store them safely. 
  • Ensure MFA is turned on for email, banking and cloud services such as Microsoft 365, Google Workspace, social media, etc.

“Your team can be your strongest shield. Train them well, and they’ll help protect everything that’s important to your business.”
Victor Djondo, Cyber Security Culture & Education Expert, BT Business

3. Keep all devices and software up to date

Updates to software and operating systems (such as Windows, macOS, Android and iOS) often contain ‘patches’, which are security fixes that close vulnerabilities in previous versions of the software.

That means it’s vital to always prioritise and action device and software updates as soon as they are available, as outdated systems can be easy targets for attackers.

Take action today:

  • Turn on automatic updates for all your software and devices. 
  • If that’s not possible (for example, because an auto update might interfere with a work process), assign someone to check on a regular basis, weekly as a minimum.

 

4. Back up your data regularly

It’s wise to always keep a copy of all your business’s important data. Ransomware attacks that lock you out of your systems are a common cyber threat, and having copies will protect you if this happens. Plus, it can prevent any disruptions from a technical issue impacting your main systems or software.

If you’re not sure what to back up, ask yourself: could your business carry on running without access to this file or information? If the answer is ‘no’, or even ‘maybe’, then back it up.

The 3-2-1 rule is a gold standard way to work. It means having three versions of important data in two different places, with one copy off-site. If this isn’t possible then a good alternative is to keep copies using a cloud service, for example, Microsoft OneDrive or Google Drive.

Take action today:

  • Back up your essential data to the cloud on a regular basis and use version history. That way, you can be sure you’re accessing the latest versions of documents, rather than ones that are out of date. 
  • Regularly test that your backup processes are working, ideally every quarter.

“Every update, every backup, every strong password is a win against cyber threats. Keep stacking those wins.”
Lee Stephens, Principal, Security Advisory Services, BT Business
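
For whoever looks after the backups, the 3-2-1 rule and the quarterly test described in step 4 can be checked with a short script. This is an added example, not BT Business code; the inventory, the field names and the 92-day reading of "every quarter" are assumptions made for illustration.

```python
from datetime import date

# Constructed inventory: one entry per copy of the important data.
# "place" is where the copy lives, "off_site" whether that place is away
# from the premises, "backup" is False for the live working copy.
COPIES = [
    {"name": "office PC", "place": "office", "off_site": False,
     "backup": False, "last_restore_test": None},
    {"name": "USB drive", "place": "office", "off_site": False,
     "backup": True, "last_restore_test": date(2025, 1, 10)},
    {"name": "cloud sync", "place": "cloud", "off_site": True,
     "backup": True, "last_restore_test": date(2024, 6, 2)},
]

TEST_INTERVAL_DAYS = 92  # assumption: "every quarter" read as about 92 days


def check_3_2_1(copies, today):
    """Return a list of plain-language problems; an empty list means pass."""
    problems = []
    # Three versions of the data...
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies, need 3")
    # ...in two different places...
    if len({c["place"] for c in copies}) < 2:
        problems.append("all copies are in one place, need 2 places")
    # ...with one copy off-site.
    if not any(c["off_site"] for c in copies):
        problems.append("no copy is kept off-site")
    # A backup that has never been restored, or not recently, is unproven.
    for c in copies:
        if not c["backup"]:
            continue
        last = c["last_restore_test"]
        if last is None:
            problems.append(f"{c['name']}: restore never tested")
        elif (today - last).days > TEST_INTERVAL_DAYS:
            problems.append(f"{c['name']}: restore not tested since {last}")
    return problems


if __name__ == "__main__":
    for line in check_3_2_1(COPIES, date.today()) or ["3-2-1 check passed"]:
        print(line)
```

The sample inventory satisfies the 3-2-1 counts but is still flagged, because the only off-site copy has not had a restore test within the last quarter.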

5. Limit access to sensitive info

Not everyone in your business needs access to everything. For example, only those involved in HR or finance need to see employees’ salaries. Meanwhile, only sales and marketing people need access to detailed customer information.

The fewer people with access to sensitive data, the lower the risk it’ll be compromised. So, follow a ‘need to know’ rule. Having a clear company policy can help you establish and enforce it.

Take action today:

  • Set up user permissions that are based on roles (not individuals). For example, what does a finance person need to access to do their job? 
  • Review these access rights at least every three to six months.
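
The role-based permissions and the regular review in step 5 can be run as a simple comparison between what each role should see and what each person can actually see. This is an added example, not BT Business code; the role names, resources, users and the 183-day reading of "six months" are constructed for illustration.

```python
from datetime import date

# Constructed policy: what each role needs in order to do its job.
ROLE_ACCESS = {
    "finance": {"salaries", "invoices"},
    "hr": {"salaries", "staff_records"},
    "sales": {"customer_details"},
    "marketing": {"customer_details"},
}

# Constructed export of who can currently open what, and when it was last reviewed.
USERS = [
    {"name": "asha", "role": "finance",
     "access": {"salaries", "invoices"}, "last_review": date(2025, 1, 15)},
    {"name": "ben", "role": "sales",
     "access": {"customer_details", "salaries"}, "last_review": date(2024, 5, 1)},
    {"name": "cara", "role": "intern",
     "access": {"invoices"}, "last_review": None},
]

REVIEW_MAX_DAYS = 183  # assumption: "six months" read as 183 days


def review_access(users, role_access, today):
    """Return {user name: [issues]} for users who need attention."""
    findings = {}
    for user in users:
        # A role with no policy entry is allowed nothing (need to know).
        allowed = role_access.get(user["role"], set())
        issues = []
        excess = sorted(user["access"] - allowed)
        if excess:
            issues.append("remove: " + ", ".join(excess))
        last = user["last_review"]
        if last is None or (today - last).days > REVIEW_MAX_DAYS:
            issues.append("review overdue")
        if issues:
            findings[user["name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in review_access(USERS, ROLE_ACCESS, date.today()).items():
        print(f"{name}: {'; '.join(issues)}")
```

Because access is compared against the role rather than the individual, someone who changed jobs and kept their old permissions shows up as excess access straight away.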

 

Key takeaways

Cyber security starts with smart digital habits. Simple steps can make a big difference, and every business can take them. 

You don’t need deep expertise or a big budget to get started. Just pick one tip and act today. Then keep going. Because cyber security is everyone’s business.

30 seconds to secure checklist

Download our 30 seconds to secure checklist today and follow the five simple steps to better protect your business from cyber threats.