Keeping your business secure online
How to prevent a malware attack, and considerations around storing and protecting personal data.
Much of the information for businesses is broadly similar to the guidance for individuals around keeping safe online.
However, business owners have additional concerns around malicious software (malware), personal data, and associated obligations around GDPR.
If you are a business owner, good cyber security could save you time, money and even the business’s reputation.
Protect from malware
- Install and activate antivirus software.
- Prevent staff from downloading third-party apps from unknown vendors or sources.
- Keep your software up to date – the easiest way is to set operating systems, programs, phones and apps to automatically update wherever this is an option.
- If your phone, laptop or computer is no longer supported with updates, you should replace it with a more up-to-date model.
- Switch on your firewall – to create a buffer zone between your network and any threats that may arrive from the internet.
- Make sure you and your employees are aware of phishing scams.
- Do not allow unexpected remote access requests – criminals use this to access files or deploy malicious software.
Back up your data
All businesses, regardless of size, should make regular backups of their important data, and make sure these backups are recent and can be restored quickly.
Doing this will make sure your business can still function following the impact of malware, flood, fire, physical damage or theft.
When backing up your business’s data:
- identify what data you need to back up – prioritise data that your business needs to be able to operate, such as customer details, quotes, orders, and payment details.
- make multiple copies of files using different backup solutions and storage locations.
- consider using cloud storage – to ensure your data is physically separate from your location.
- read the cloud security guidance from the National Cyber Security Centre (NCSC).
- get into the habit of backing up your data regularly.
Keep your smartphone safe
Smartphone technology is a vital part of modern business, which makes it important to enable multi-factor authentication and make sure your phone can be tracked if stolen.
For more information, read our Protect your smartphone advice.
Use two-step verification and strong passwords
It is essential that any data held on your laptops, computers or tablets is available to you, but not available to unauthorised users.
For more information on securing that data, read our advice on Keeping yourself safe online.
Avoid phishing attacks
In a phishing attack, criminals send fake emails or texts, or make fake calls, which may request sensitive information, download malware, or contain links to unsafe websites.
Businesses are often targeted because being able to compromise a single employee’s account can potentially provide access to wider internal systems and sensitive data.
To spot a phishing email, look out for:
- poor spelling, grammar and punctuation – this could indicate the email was not written by a professional corporate team.
- who the email is addressed to – if it is addressed to a ‘valued customer’, ‘colleague’ or ‘friend’, this can be a sign the sender does not know you.
- any links, attachments or QR codes in the email – if you are suspicious, do not open them.
- veiled threats that ask you to act urgently – some fraudsters try to create a sense of urgency to panic their targets into responding.
Training for businesses
There are a couple of NCSC initiatives that we encourage businesses to look into, depending on how many employees they have:
- Cyber Action Toolkit – aimed at sole traders and small businesses.
- Cyber Essentials certification – aimed at businesses with 50 or more employees.
- Exercise in a Box – a free resource to enable organisations to practise their response to a cyber-attack.