Top tips for small businesses to manage their cyber risk


Read time: 1 min | Added date: 05/12/2024

Giles and Sarah give 10 dos and 10 don’ts on how small businesses can manage their cyber risk, strengthen their cyber security and protect themselves against potential threats.

Dos:

  1. Do security training with your teams: Teach all your employees how to spot phishing emails, how to create strong passwords, and the importance of using the internet safely.  
  2. Do encourage the use of strong passwords: Choose complex passwords and use multi-factor authentication (MFA) wherever possible.
  3. Do keep software updated: Regularly update operating systems, applications, and security software to protect your business against vulnerabilities.
  4. Do backup data regularly: Make sure to schedule regular data backups and store them in a secure, offline location.
  5. Do use firewalls, VPNs and antivirus software: Install and maintain robust firewall and antivirus solutions to protect networks and devices from malicious attacks.
  6. Do limit access to sensitive information: Ensure that employees only have access to the information necessary for their roles.
  7. Do develop an Incident Response Plan: Create a plan for responding to cyber security incidents to minimise damage and recovery time. Think about how to recover your business, not just IT.
  8. Do monitor your network: Use monitoring tools to look out for unusual activity and potential breaches.
  9. Do check out the small business guides: Both the National Cyber Security Centre website and Lloyds (PDF, 8.2MB) have lots of free expert advice, tips and guides.
  10. Do contact your bank, the police, and insurer: If your business does become a victim of a cyber-attack, let your bank know immediately or contact the police via ActionFraud.

Giles Taylor, Head of Resilience and Security, Lloyds

Don'ts:

  1. Don't forget mobile device security: Make sure mobile devices are protected as they can be a weak link in your cyber security defence.
  2. Don't use public Wi-Fi for business transactions: Avoid using public Wi-Fi for accessing sensitive business information unless you have a secure VPN.
  3. Don't ignore software vulnerabilities: Ensure that you keep your business's software up to date to help address any known security flaws and turn on automatic software updates.
  4. Don't use the same passwords continuously: Ensure everyone in your organisation renews their passwords to log onto devices and software at least every six months.
  5. Don't overlook physical security: Protect physical access to computers and servers; consider locks, security cameras, and access control measures.
  6. Don't click on unknown links or open suspicious attachments: Advise employees to verify the source before clicking on links or downloading attachments.
  7. Don't forget to secure your website and email: Use HTTPS, keep web applications updated, regularly test for vulnerabilities, and implement Domain-based Message Authentication, Reporting and Conformance (DMARC).
  8. Don't assume you're too small to be targeted: Understand that cyber-criminals often target small businesses as they may have weaker security measures.
  9. Don’t panic if you experience a cyber-attack: Contact your bank, police, insurer and the National Cyber Security Centre for guidance.
  10. Don’t pay a ransom: If one is demanded, there’s no guarantee you will get your data back. 

Sarah from the National Cyber Security Centre

Watch the 5 minute video

Cyber security is not just a technology problem, it’s a business problem.  From the cost of cyber protection to looking at who is responsible for protecting the business, watch to learn more about the impacts of cyber risk.

Listen to the 10 minute discussion

Hear from our experts Giles and Sarah as they dive deeper into the full lifecycle of a cyber-attack, how to develop a cyber security plan and what to do if your small business has been targeted by cybercrime.
