7 Online Security Tips for Small Businesses

7 Online Security Tips for Small Businesses

7-Online-Security-Tips-for-Small-Businesses-BLOG (1)

The rise in cyberattacks against businesses makes it more important than ever to keep your systems secure. For many small businesses without in-house know-how, this can seem an uphill challenge. To help, here are some useful tips to keep your business protected from a range of the most important threats.

1. Take out insurance

Cyber liability insurance is now available for businesses and most policies cover first and third-party financial losses resulting from an attack. They may also cover the cost of reputational damage caused by data breaches.

With cyberattacks costing small businesses an average of around £8,200, taking out insurance could be a wise decision that, if the worst happens, prevents your venture from going under.

2. Backup your data regularly

Backing up your data regularly so that you always have an up-to-date copy is essential if you want your business to recover quickly from cyberattacks that corrupt, destroy or block you from accessing data.

Of particular note here is ransomware, a form of malware that encrypts your data and for which you need to pay a significant ransom fee to the cybercriminals to get a decryption key and restore access. In situations like this, a backup means you won’t need to pay the criminals as you already have another copy of your data to restore your system.

With gangs attempting to attack almost half of all UK organisations last year, a remote backup solution that also encrypts data and verifies its integrity is the most effective way to recover swiftly from a wide range of cyberattacks.

3. Beef up your logins

Two-factor authentication is now a widely used login protocol that requires users not only to input a username and password, but also a code sent to their phones. Yes, it can be a bit of a pain to keep doing this, but it is far less painful than becoming the victim of an attack.

It is also highly secure. Unless the cybercriminal has access to your mobile phone, they’ll be unable to see the additional code and as this only works for a few minutes, they won’t have time to guess it before it changes.

That said, even with two-factor authentication, users should still use complex passwords. If you cannot remember them, then use a password manager that will do this for you.

4. Update software asap

As firms rely on more and more software for their websites and business systems, they can be bombarded with notifications reminding them to update to new versions. While it can be a burden to keep software up to date, failing to do so puts your business at risk.

Many of those updates will have been created to fix security vulnerabilities discovered in the software and if you don’t update, your website or system is left open to attackers.

What many small businesses don’t know is that cybercriminals send out bots to scour the internet looking for out of date software. This enables them to target attacks against websites and systems they know they can exploit. If you have a CMS website (e.g., WordPress) you can protect yourself against this by using the Patchman security tool.

5. Install an SSL certificate

SSL certificates encrypt data sent between a user’s browser and your website, ensuring that cybercriminals cannot intercept and steal that information during transit. This is vital for any business whose website enables customers to send personal or sensitive data, such as banking details.

Today, many payment gateways will not allow you to use their services unless you have an SSL certificate installed. Not having one also results in your website being labelled as ‘not secure’ on browsers and can cause your site to be downranked in search engine results.

With an SSL, you’ll have the secure padlock icon displayed on the browser and might see your site get more search engine traffic.

6. Defend your email

Phishing has become a major problem for companies, with cybercriminals often targeting employees with fake emails. These come in various forms, some stealing login details or downloading malware onto the system, while others that impersonate company executives are sent to finance staff directing them to make payments to the cybercriminals’ accounts.

Staff need to be taught to recognise phishing emails as part of their training and businesses need to make use of robust email filters, like SpamExperts, that detects and removes suspected phishing emails from your inbox.

To protect your staff and customers from phishing attacks that use your company’s identity in fake mails, you should also consider using Personal Signing Certificates.

7. Go with a secure host

Choosing the right web host can also help you stay secure from cyberattacks. With advanced firewalls, intrusion, malware and DDoS prevention, and a wide range of other services, such as SSL, Patchman, SpamExperts, Personal Signing Certificates, VPNs and remote backups, you can have a complete arsenal of tools to defend your business.


Without the in-house experience or the budget to implement deploy robust security, small businesses can be especially vulnerable to cyberattacks. Hopefully, the information provided here will help you find affordable and easy to implement solutions to address many of the major threats facing SMEs today.

For more information about our secure hosting solutions, visit our homepage.