The world is suffering increasing numbers of cyber-attacks from hackers and other mischief makers. So how can you protect your business? As experts in risk management, we can help. Here are our 32 top tips for better business cyber-security.

32 tips for better business cyber-security

100% perfect cyber security is impossible, but there are plenty of simple ways to ensure your business IT security is effective in today's fast-changing digital environment.

  • Take a long look at your current security measures, if you have any – are they fit for purpose?
  • If it isn't already in writing, create a formal IT security plan including the top priorities and everyone's responsibilities
  • Update your operating system whenever there's a new version – don't delay
  • Make IT security part of your new staff induction training and hold regular refresher courses to deal with new cyber-risks
  • Set Windows Update to apply patches and updates automatically so you don't forget. The same goes if your website is on the WordPress platform
  • Check Windows PCs are up to date via the Windows Security Centre
  • Regularly check that all your tools, apps and software are up to date
  • Add good anti-virus protection to every computer in the business, and every mobile phone that your people use for work, plus tablets and any other tech that can access the internet
  • Let staff know they should never switch off their anti-virus software
  • Make sure you use the latest version of a modern browser
  • Train your people not to install their own software, run internet scripts or use removable media
  • Enable User Account Control to minimise the damage if a machine gets a virus
  • Train people to only use very strong passwords and user names, never things like 'admin'
  • Teach people to sign out of their machines at lunchtime and the end of the day, and never leave an unattended computer switched on
  • Turn off guest accounts completely and don't let non-account holders onto the system
  • Use a firewall and keep it switched on
  • Make sure your PCs can't be physically stolen, and secure your servers
  • Back up company data every day and store the files somewhere secure
  • If an employee leaves the company, remove their system permissions completely, straight away
  • Make sure new staff know not to open attachments or emails from unknown sources, download software, or hand over personal or commercial information
  • Make sure your people know about the latest scams so they know what to look out for, including phishing attacks and social engineering attempts
  • Train your people to always keep their passwords secret, even from their colleagues
  • Only give employees permission to access the data they need, not the whole system
  • Remove temporary access permissions as soon as they're not needed any more
  • Make sure any remote workers, home-workers and freelancers are all fully aware of cyber security
  • Use strong data encryption like BitLocker to protect company data
  • Always use a Wi-Fi router's security settings to encrypt and password-protect connections
  • If your data is particularly sensitive use a VPN, a Virtual Private Network
  • Never let employees set up their own wireless network using a personal Wi-Fi router
  • Choose a cloud service that's guaranteed secure and use it in a secure way – never use free cloud storage
  • Avoid storing sensitive information in the cloud and always use strong passwords and user names for cloud access
  • Zip and encrypt all files on the cloud and protect them with a strong password


Do all this and your business will be basically secure. We can also help you minimise the chances of all sorts of business risks happening, keeping you safe in more ways than insurance alone. Ask us for details of our professional risk management services.

Posted on 8 August 2017