How to reduce your risk of being a victim of cyber crime

  • 24 Apr 2019

By Sarah Lyons, deputy director, economy and society, at the National Cyber Security Centre

The proportion of UK firms reporting a cyber-attack has increased, despite most businesses admitting they are under-prepared for breaches, according to research from Hiscox.

The insurer found 55% had faced an attack in 2019, up from 40% last year.
Despite the perception in some media stories, it’s not just large global companies that are at risk of a cyber security breach. In fact, the Government’s Cyber Security Breaches survey revealed that 42 per cent of micro/small businesses identified one breach or attack in the last 12 months. 



While staying secure might feel like a daunting challenge, it no longer needs to be. The NCSC’s Small Business Guide can provide you with advice that is simple and low cost, allowing you to protect yourselves against the majority of cyber threats.

Install the latest updates 
New research from Cyber Aware and Anglia Ruskin University has revealed that 47 per cent of UK adults surveyed delay installing updates, so it’s likely that a few people from across your business are procrastinating on this task too. No matter what devices your organisation uses, it’s important they are kept up to date with the latest software and app updates at all times. They contain vital security which helps protect your device – and confidential data – from viruses and would-be hackers.

Use strong passwords 

An employee’s email account contains a wealth of information. This may include client bank details, supplier addresses, confidential internal emails and much more. If this data is stolen by hackers, your business is at risk of losing more than just its reputation. 

To avoid this, it is important that your employees don’t have the same password for all their online accounts. Encourage them to use a strong and separate password for their most important accounts, so if a hacker gets into one account, they won’t be able to access them all. It’s usually easy to set up additional protection through “two-factor authentication” (2FA) for the most important websites like banking and email. 

Use screenlocks on phones and tablets

There are often a wide range of devices in a workplace, each one containing data that would be valuable to a cyber criminal. It is easy to add an extra layer of security simply by turning on the screenlock function. This means only approved members of staff will be able to access confidential information. 

Back up important data

Businesses are responsible for both their own data, as well as the data of their customers, suppliers and employees. To protect it, back up this important data to an external hard drive or cloud-based storage system. Otherwise, if your business devices were to become infected by a virus or malicious software, a hacker could damage or delete this information, risking your business’s reputation.  


Train employees

Your employees will receive hundreds of emails each day. With this volume of messages, it is important to remain suspicious of emails or attachments that don’t look or feel right. Remind employees that even if a suspicious email comes from a company or person they know, it is best to contact them by other means to check they are genuine. An email address can be faked and attachments may contain viruses or malware.

For more cyber security guidance and detailed versions of the tips above download the Small Business Guide on the NCSC and the Cyber Aware websites.

Related topics