Top five cyber-security tips
How prepared are small businesses to face cyber threats?
With the shift towards hybrid -working and changing consumer expectations, a digital offering is a necessity for all modern businesses. From your website to your online shop. This exposes businesses to new risks.
Small businesses are particularly vulnerable. According to the latest government data, half of small businesses in the UK report having suffered a cyber-attack in the past 12 months and 35% of micro businesses reported phishing attacks.
Scroll down to see what small businesses can do to address the bad habits that create vulnerabilities and top tips on how to keep safe.
Top five cyber-security tips
What measures can businesses take to shore up their cyber-security?
1. Update your systems and software regularly
As a small business owner, you’re probably relying on software from other providers — your Apple iPhone, your QuickBooks accounting software, your Wix website. These companies have teams working behind the scenes to identify and remediate, or "patch" vulnerabilities through software updates.
These tools are constantly updating, so it’s important that you keep up with those updates as they come through. You could even set company devices to auto-update.
2. Install basic cyber-security protections
Another step you can take is to install basic protections like anti-virus, anti-malware software and a firewall.
Anti-virus and anti-malware software will help scan your devices and files for malicious software, and remove it once identified.
A firewall monitors incoming and outgoing network traffic, patrolling it for any suspicious activity.
Top tip: Sign up to the Cyber Action Toolkit — a free, personalised security guide from the National Cyber Security Centre (NCSC). It breaks cyber protection down into simple, practical steps you can take at your own pace — with built-in progress tracking to keep you moving forward.
3. Use multi-factor authentication and practice good password hygiene
Make sure you and all your employees are meeting password best practices. That means using long, complex and unique passwords across all of your accounts. Duplicating your passwords or sharing them is a big no-no. Using a password manager is a useful tool to help with this.
Equally important is enabling two-factor (2FA) or multi-factor authentication (MFA) wherever possible. This can be one of the simplest and strongest ways to boost password security. Using 2FA or MFA adds an extra layer beyond your usual password — whether that’s a code sent to your phone, a fingerprint or a security app.
By asking for more than just something you know, they make it much harder for hackers to get in. So if it’s available, switch it on.
4. Back up your data
To ensure important data is not lost during a cyber-attack, you need to regularly back up your data. Even better, you should back your data up on an offline drive.
This ensures it can be recovered quickly and reduces the leverage cyber-criminals have to blackmail you.
5. Implement security awareness training
Creating a strong cyber-security culture within your business starts with trust. People need to feel safe asking questions — even the “silly” ones. That’s because many attacks succeed not through tech, but hesitation. When someone’s unsure what to do and doesn’t want to look foolish, mistakes can happen.
Regular, tailored training goes a long way. It can help plug the specific gaps in your team’s knowledge and keep everyone up to speed with the latest tactics cyber-criminals use — like fake emails that trigger fear, or sneaky links designed to catch people off guard.
Hackers often rely on risky habits, like password reuse or rushed decision-making. So it’s vital to give employees the tools, confidence and awareness to spot threats and stay one step ahead.
Cyber-security isn’t just an IT issue — it’s a shared responsibility. And the more empowered your people feel, the stronger your defence becomes.
Download your free guide to cyber risk
If you rely on systems, suppliers or customer data, you have exposure.
Download our report for a clear view of the UK threat landscape — and what resilient businesses are doing differently.
✔️ Understand where your business might be exposed
✔️ Benchmark yourself against 1,000 UK businesses
✔️ Straightforward guidance you can act on straight away
Guide to cyber-security for small businesses
Business are exposed to more risks than ever before. Read our guide to cyber-security for small businesses to understand the threats out there and what you can do to mitigate them.
How do people pick their passwords?
According to research, the most common influences on passwords are:
- People’s names (e.g. children's names, fictional characters, friends, celebs)
- Randomly generated
- Place names (i.e. towns, cities)
- Numbers
- Animals (pets)
- Things or objects
- Key calendar dates
- Bands or musicians
- Sports teams
- Food
The names of people we know are the most commonly used for passwords. When choosing your passwords, it is best to avoid using names of family members or your favourite Harry Potter character. This is because it might put you — and your business — at greater risk. The chart to the right shows it’s a pattern of behaviour that can be easily exploited.
Once you've completed a quote, you'll be able to view a summary of cover. Please always refer to your policy documents for full details around exclusions, terms and limits of your customised cover. Read our guide to understanding your policy documents.
- 23 Mar 20264 minute read
Simple steps to prevent employee data misuse
Combat insider data misuse with simple steps. Learn how to protect your data and how insurance can help.
- 20 Oct 20255 minute read
How to handle a tech outage
A sudden tech outage doesn’t have to halt your business. Here are some practical ways to prepare and respond.
- 28 Apr 20254 minute read
Is now the time for cyber insurance?
In our increasingly digital world, and with cyber crime on the rise, is there an optimum time of year to buy cyber insurance?
Authorised by the FCA
The FCA supervises UK financial services firms to protect consumers. We are directly authorised and regulated by the FCA and our Firm Reference Number is 656459. These details can be confirmed on the Financial Services Register at www.fca.org.uk or by calling the FCA on 0845 606 1234.
A-rated financial strength
Our insurance products are underwritten by Standard & Poor’s A-rated financial strength or higher. This means the underwriter has been independently assessed by the world’s leading credit rating provider and found to have a strong capacity to meet financial commitments (pay claims).
Protected by the FSCS
If you are a business with an annual turnover under £1m, charity with an annual income under £1m, or trust with net assets under £1m, then you will be entitled to compensation from the FSCS in the unlikely event we cannot meet our obligations. Full details and further information on the scheme are available at www.fscs.org.uk.