5 Quick Security Tips for Small Businesses

For small businesses, cyber security should be at the front and centre of any good digital strategy. 38% of small or micro businesses have experienced a breach or an attack[1], compromising data, costing money and, worst of all, causing them to miss out on valuable business opportunities. Fortunately, even simple security measures can make you far less vulnerable to bad guys on the lookout for ‘low hanging fruit’. To help out, we’ve put together some essential security tips for small businesses:

1. Improve your password hygiene

Most cyber attacks exploit the most vulnerable part of your technology: the human using it. In its simplest form, ‘hacking’ will involve trying a list of the most common passwords for secure business logins. This might seem ludicrously low tech, until you learn that two of the most common passwords used in 2021 are ‘123456’ and ‘password’. To opportunistic criminals, this is like leaving your front door open when you leave the house. Strong, unique passwords for all your business-critical applications and accounts are essential - no excuses.

What to do next: Perform a password audit for you and your team and change any obvious or duplicate passwords. There are plenty of secure password generators available online and tools like Apple Keychain and Google Chrome will even remember and store them securely.

2. Implement two-factor authentication

Much like password hygiene, two-factor authentication is a really simple but effective measure that makes you far less likely to be the victim of a cyber attack. Most key software accounts (Google, Apple, Microsoft) will offer two-factor authentication as standard and all it requires is a secure mobile number, or backup email address. Each time you log in, you’ll be asked to input a unique code that’s sent to the mobile number or email address you’ve listed before you can access your account. It’s highly effective too; Google conducted research that suggests this simple change can block up to 100% of bot attacks, 99% of bulk phishing attacks and 66% of targeted attacks[2].

What to do next: Where possible, activate two-factor authentication on all business accounts. Make sure the back-up accounts and numbers are kept secure too!

3. Use a VPN for flexible working

Thanks to a global pandemic, there’s been a massive shift made by businesses of all shapes and sizes towards flexible working. In many cases this hybrid approach has been brilliant for productivity and satisfaction, but it has also meant that many more devices are regularly connecting to home and public networks that don’t have the same level of protection as their business counterparts. VPNs present a simple solution for businesses that want to share secure data from home. Because a VPN encrypts your traffic, data sent through an unsecured network is much harder for an attacker to access, which in turn means you and your people can work and collaborate from almost anywhere securely. It doesn’t cost the earth either; VPN subscriptions can start from just a few pounds per month.

What to do next: Take stock of who’s working flexibly for your business and what kind of work they’re doing at home. Once you know what kind of protection you’ll need, you can pick a VPN that will suit your requirements and budget.

4. Consider investing in 'business only' devices

Should you let your people use their own devices for work? It definitely saves on the procurement costs and training time of providing work laptops and mobile phones, but does it open your business up to unnecessary risk? Accidental data loss or instances of malware are not uncommon when it comes to personal devices, especially if they’re being used by a whole family. What’s more, if your people are now working from home most of the time, the case for providing secure, reliable technology is even greater, especially when factoring in additional considerations like productivity and comfort. It’s by no means a ‘must do’ for security, but if you find that most of your business is being run through personal devices, now could be the time to make the switch.

What to do next: Talk to your people. How often are they using personal phones and laptops for work? What kind of business data are they accessing through them? This information should help guide your decision-making process.

5. Keep up to date with cyber crime trends

It’s no exaggeration to say that when it comes to cyber security, knowledge is power. Understanding what kind of attacks and breaches are most commonly used by cyber criminals can really help guard your own business against falling victim to the same thing. For example, 83% of attacks on small businesses in 2021 were from phishing[3], a technique which attempts to collect sensitive information by sending emails from legitimate-looking accounts. Simply understanding where the threats to your business are likely to come from allows you to educate your people and take proactive steps to prevent attacks, whether that’s investing in more robust security solutions, or seeking expert help.

What to do next: Make a habit of checking IT and security news for information about the latest cyber security trends. Be proactive in ensuring you’re prepared to deal with potential threats.

We hope you enjoyed this latest article on digital best practices for small businesses post-lockdown. For more insights and articles designed to help small businesses unlock their digital potential, you can visit our Insights hub.


[1] ‘Cyber Security Breaches Survey 2021’, Department for Digital, Culture, Media and Sport.

[2] New research: How effective is basic account hygiene at preventing hijacking, May 17, 2019.

[3] ‘Cyber Security Breaches Survey 2021’, Department for Digital, Culture, Media and Sport.
