A cyber attack is when an online criminal or state, often known as hackers, gains unauthorised access to a computer system in order to steal, change, expose or destroy information.

The government’s Cyber Security Breaches Survey 2022 found that almost four in 10 businesses had been a victim of cyber crime in the previous 12 months with £4,200 the average cost for organisations reporting a material outcome, such as loss of money or data.

The report also found that attacks are becoming more frequent, with 31% of those targeted by cyber criminals being hit at least once a week.

To prevent their businesses from being negatively impacted by cyber crime, it’s important that everyone is well prepared and business owners take responsibility for the security of their business and themselves. This guide outlines how small businesses can develop an effective cyber security strategy – you can read a complete guide by the National Cyber Security Centre here.

Cyber Threats

There is a wide range of threats which can be deployed by people who wish to do you or your business harm. These range from simple attacks, which can be carried out by anyone with a laptop and an internet connection, to attacks by well organised and well funded groups dedicated to this kind of activity.

Some common threats include:

Phishing: Fraudulent emails or text messages, which often appear to be from a legitimate company, asking the recipient to send personal information such as passwords and bank details. The government’s Cyber Security Breaches Survey 2022 found phishing was the most common cyber attack among businesses that had fallen victim to hackers.

Malware: Software that gets unauthorised access to a computer and causes harm. Viruses, which infect legitimate software, are a common form of malware. Ransomware is another one. This is when a criminal blocks access to data or systems until a ransom is paid.

Denial of service: An attack designed to shut down computer systems so they can’t be accessed by legitimate users by flooding systems with traffic. This is often used as a distraction to overload defences in order to carry out other more destructive attacks.

Cyber security tips

To combat cyber-attacks, there are various actions businesses can take.

Provide employee training

Employees should be trained in cyber security and how to work safely online. They should know how to spot a potential cyber-attack and how to report it should one occur.

For example, staff should be educated in the threats posed by phishing emails. It’s common for criminals to send emails which appear to be from the boss of the company asking employees to make a payment to a bank account. The emails might also ask the recipient to click on a link. Doing so could lead to malware being installed.

Signs of phishing to look out for include bad spelling and grammar, poor quality branding and a veiled threat to act quickly.
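The warning signs above can also be checked automatically. The following is an added example, not part of the original article or NCSC material; the company domain, the executive's name and the keyword lists are assumptions made for illustration, and both sample emails are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: your own mail domain and the names of
# senior staff whose identity a criminal is likely to borrow.
COMPANY_DOMAIN = "example.co.uk"
EXECUTIVES = {"jane smith"}
URGENCY = ("urgent", "immediately", "as soon as possible", "today")
PAYMENT = ("payment", "bank account", "transfer", "invoice")

# Constructed sample messages (not real emails).
SAMPLE_SPOOFED = """\
From: Jane Smith <jane.smith@examp1e-mail.test>
Reply-To: accounts@other-domain.test
Subject: Urgent payment

Please make a payment to the bank account below today.
"""
SAMPLE_GENUINE = """\
From: Jane Smith <jane.smith@example.co.uk>
Subject: Team lunch

Lunch is booked for Friday at noon.
"""

def phishing_signs(raw_email: str) -> list[str]:
    """Return the warning signs found in one plain-text email."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    signs = []
    # The display name is free text, so only the address domain is checked.
    if name.strip().lower() in EXECUTIVES and domain != COMPANY_DOMAIN:
        signs.append("boss name on an outside address")
    if any(word in text for word in URGENCY):
        signs.append("pressure to act quickly")
    if any(word in text for word in PAYMENT):
        signs.append("asks for a payment")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != domain:
        signs.append("replies go to a different domain")
    return signs

if __name__ == "__main__":
    for sample in (SAMPLE_SPOOFED, SAMPLE_GENUINE):
        print(phishing_signs(sample))
```

A message with no signs is not proven safe; a payment request should still be confirmed with the sender by phone or in person.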

NCSC provides a free online cyber security training course for staff and training for small businesses. It also has Exercise in a Box, a tool you can use to find out how resilient your business is to cyber-attacks and practise your response in a safe environment.

Secure passwords

All your devices and online accounts should be protected by complex, unique and secure passwords. Many modern devices also use fingerprint and face recognition which can replace a password.

Avoid using predictable words such as your pet’s name or phrases like ‘password123’ that a criminal could easily guess. The NCSC says: “A good rule is make sure that somebody who knows you well couldn't guess your password in 20 attempts.”

To cut down on the passwords you need to remember, you can use a password manager. This is a tool which stores and creates multiple passwords that you access using one master password.

For important services such as banking and social media, switch on two-factor authentication. This adds an extra layer of security by requiring two methods to verify your identity, such as entering your email address and password followed by a code sent to your phone as a text message.

If you suspect a cyber attack has occurred, you should change your passwords as soon as possible.

Back up your data

You should make sure you regularly back up important business data such as customer details, payment information, documents, emails and photographs. This means you’ll have a copy if your company is attacked.

The NCSC advises that backups should be restricted so they are not accessible by employees and not permanently connected to the device holding the original copy. Malware can also infect backup storage devices such as a USB stick.

Keeping backups in a different location, such as using cloud storage solutions, is also recommended. It’s a good idea to regularly test that backups are working correctly.

Install antivirus software

Antivirus software plays a key role in preventing cyber attacks and is one of the easiest ways to protect your business.

You should install antivirus software from a reputable company on all devices you use.

Run regular scans from your antivirus software and immediately deal with any issues that a scan identifies.

Switch on firewalls

A firewall monitors traffic coming in and out of a computer or network. It acts as a buffer between your systems and external networks, such as the internet, to block threats.

A basic firewall is included with most operating systems; however, a professional firewall can offer a wider range of protection and assurance.

Use up-to-date software

All software, operating systems and apps should be kept up-to-date with the latest versions from vendors. This ensures you get critical security updates that protect your devices. 

Automatic updates should be switched on where possible. When updates are no longer available because support has been withdrawn by the developer, you should consider replacing the unsupported software with new software. The government’s Cyber Security Breaches Survey 2022 found 16% of businesses are still using old versions of Windows which are no longer supported. This leaves them more vulnerable to cyber attack.

Date published 28 Jul 2022

This article is intended to inform rather than advise and is based on legislation and practice at the time. Taxpayers’ circumstances do vary and if you feel that the information provided is beneficial it is important that you contact us before implementation. If you take, or do not take, action as a result of reading this article before receiving our written endorsement, we will accept no responsibility for any financial loss incurred.
