
Cyber security for your small business: why is it so important?

7 mins read
by Nick Green
Last updated Monday, December 11, 2023

If you run a business today, having good cyber security is as important as having locks on your office doors (perhaps even more so).

What’s more – unlike physical locks – cyber security is an ongoing process of protecting your business, your employees and your customers against ever-evolving threats.

To protect your business effectively, you first need a good understanding of the threats that arise from using digital technology.

In this article:

  1. What is cyber security?
  2. Why is cyber security important?
  3. What are the main cyber risks for small businesses?
  4. Five steps to safeguarding your business
  5. Protecting your customers
  6. Maintaining cyber security

What is cyber security?

Cyber security is a blanket term for all the measures you take to protect your IT systems, and the data held on them, from deliberate or accidental harm.

It covers everything from minimising the risks of lost data or hardware, to defending against malicious attacks, hacking, viruses and digital espionage.

The UK government's National Cyber Security Centre (NCSC) recommends 10 areas that cyber security should cover.

  1. Risk management
    A robust central strategy for addressing cyber risks.
  2. A secure configuration
    Your IT system should be kept up to date and free of unnecessary functionality.
  3. Strong policies for remote working
    Be aware of how home working could open up vulnerabilities in your system.
  4. Good incident management
    What are your policies for responding to a cyber crisis?
  5. Malware protection
    Do you have sufficient protection from viruses, ransomware etc?
  6. Correct user privileges
    Make sure no-one has more user privileges than they need to do their job.
  7. System monitoring
    Do you have the means to spot attacks or problems as they happen?
  8. Secure networks
    Protect the boundary between your network and the internet, separate systems that do not need to talk to each other, and know where your data is stored and processed and where it could be exposed.
  9. Controls over removable media
    What hardware / software can workers take off-site, and could they create vulnerabilities?
  10. User education
    Are your people sufficiently trained in cyber security?

Read on to find out more about the areas of cyber security that are most relevant for small businesses.

Why is cyber security so important for small businesses?

While larger corporations might seem like more appealing targets, small businesses are at least as exposed: most attacks are automated and opportunistic, hitting whoever has a weak password or an unpatched system rather than a chosen victim.

These businesses often lack the extensive security measures and dedicated IT departments that larger enterprises can afford.

A cyber attack could lead to data breaches, financial losses, and reputational damage that might be insurmountable for a small business.

By implementing robust cyber security practices, such as regular software updates, employee training, strong password policies backed by multi-factor authentication, tested backups and firewall protection, small businesses can effectively safeguard their sensitive information and maintain the trust of their customers.

Investing in cyber security is not just a defensive strategy; it's a proactive step towards ensuring the long-term success and sustainability of your small business.

What are the main cyber risks for small businesses?

The main motivation behind cyber-attacks is usually financial, though pure malice can also be a factor.

Money-motivated criminals will be after your data, specifically things like private financial information, customer details and account credentials, with which they could go on to commit fraud, theft or extortion.

Here are some of the common methods used by cyber-attackers.

Malware

Malware is any software written to do harm: to steal information, spy on users, give an attacker remote control of a machine, or damage and encrypt files.

These programs commonly spread through email attachments and links, downloads from the internet, infected removable media, and by exploiting software that has not been patched.

At its most sophisticated, malware can allow criminals to extract sensitive data and take full control of the compromised device or server.

Phishing

Phishing is the attempt to obtain sensitive information, or to trigger a payment, by deception.

It usually takes the form of emails that mimic customers, suppliers, well-known companies and even government bodies, in an attempt to trick the reader into opening attachments containing malware, entering their login details into fake websites, or paying an invoice to an attacker's bank account. The same trick arrives by text message and phone call, and the most convincing examples are aimed at a specific person, typically whoever approves payments.
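The tell-tale signs of a phishing email can be checked mechanically, which is also a useful way to teach staff what to look for. The following is an added example, not code from the original article: it parses a constructed invoice-fraud message with Python's standard `email` library and reports a sender domain that is not a known supplier, a Reply-To that points somewhere else, a link whose visible text shows one address while it actually goes to another, and an attachment with a disguised executable extension. Every address, domain and file name in the two sample messages is invented, and the `trusted_domains` list is an assumption standing in for your own supplier list.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Constructed sample message: every address, domain and file name here is invented.
SUSPICIOUS = """\
From: "Acme Supplies Accounts" <accounts@acme-supplies-invoices.example>
Reply-To: billing@mail-relay.example
To: owner@smallbiz.example
Subject: Overdue invoice 4471 - action required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Please review the attached invoice and confirm payment at
<a href="http://acme-supplies.example.login-portal.example/pay">https://acme-supplies.example/portal</a></p>
--b1
Content-Type: application/octet-stream; name="invoice_4471.pdf.exe"
Content-Disposition: attachment; filename="invoice_4471.pdf.exe"

MZ...
--b1--
"""

# Constructed benign message from the genuine (invented) supplier domain, for comparison.
BENIGN = """\
From: "Acme Supplies Accounts" <accounts@acme-supplies.example>
To: owner@smallbiz.example
Subject: Invoice 4471
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Your invoice is available at <a href="https://acme-supplies.example/portal">https://acme-supplies.example/portal</a></p>
"""

# Extensions that run code when opened; "invoice.pdf.exe" style double extensions are also flagged.
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta", ".iso", ".lnk")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")


def phishing_indicators(raw, trusted_domains):
    """Return a list of (code, detail) tuples, one per warning sign found in the raw message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    senders = msg["From"].addresses if msg["From"] else ()
    sender_domain = senders[0].domain.lower() if senders else ""
    if sender_domain not in trusted_domains:
        findings.append(("unknown-sender-domain", sender_domain))

    # Replies going to a different domain than the apparent sender is a classic fraud pattern.
    if msg["Reply-To"] and msg["Reply-To"].addresses:
        reply_domain = msg["Reply-To"].addresses[0].domain.lower()
        if reply_domain != sender_domain:
            findings.append(("reply-to-mismatch", reply_domain))

    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        filename = part.get_filename()
        if filename:
            name = filename.lower()
            if name.endswith(RISKY_EXT) or name.count(".") > 1:
                findings.append(("risky-attachment", filename))
        elif part.get_content_type() == "text/html":
            for href, text in LINK_RE.findall(part.get_content()):
                shown = TAG_RE.sub("", text).strip()
                shown_host = urlparse(shown).hostname if shown.startswith(("http://", "https://")) else None
                real_host = (urlparse(href).hostname or "").lower()
                if shown_host and shown_host.lower() != real_host:
                    # The visible text says one site, the link goes to another.
                    findings.append(("link-mismatch", f"shows {shown_host}, goes to {real_host}"))
                elif real_host not in trusted_domains:
                    findings.append(("untrusted-link", real_host))
    return findings


if __name__ == "__main__":
    trusted = {"acme-supplies.example", "smallbiz.example"}
    for code, detail in phishing_indicators(SUSPICIOUS, trusted):
        print(f"{code}: {detail}")
    print("benign message findings:", phishing_indicators(BENIGN, trusted))
```

None of these checks proves an email is fraudulent on its own, and a well-crafted attack may pass all of them; the point is that each one is a reason to stop and verify the request through a channel you already trust, such as the phone number on a previous invoice rather than the one in the email.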

Ransomware

Ransomware is a particularly nasty breed of malware that encrypts files or locks down a system, preventing users from accessing their data or using certain programs until a ransom is paid. Many ransomware groups now also copy data out before encrypting it and threaten to publish it, so even a good backup does not remove all of the pressure to pay.

Criminals almost always demand payment in cryptocurrency. There is no guarantee that paying will get your data back, and a tested, offline backup is the only reliable way to recover.

DDoS attacks

Cyber-criminals don’t have to infect your systems in order to cause havoc.

They can also use tactics like distributed denial of service (DDoS) attacks, where they flood a website or server with traffic from many machines at once in order to overwhelm it and force it offline.

A DDoS attack does not by itself give the attacker access to your systems, but it is often paired with an extortion demand, and it can serve as a distraction while an intrusion is attempted elsewhere.

Cyber criminals are constantly working to come up with new methods to bypass cyber security systems.

This is why businesses need to think about cyber security as an ongoing process, in order to stay one step ahead.

Five steps to safeguarding your business

Proactivity is key to cyber security. It is far preferable to have strong defences in place already, rather than trying to react when an attack takes place.

Here are some steps you can take now to make sure you are as protected as possible.

1. Passwords

Passwords remain the first line of defence for most accounts, but they need to be good ones, and wherever a service offers multi-factor authentication (MFA) you should switch it on, so that a stolen password alone is not enough to get in.

Length matters more than mixing in numbers and symbols. The NCSC recommends building a password from three random words, which gives something long and memorable such as 'copperlanternmeadow'.

A tip you will often see is to take two memorable words, put them together and turn some letters into numbers, so 'Badger Fox' becomes B4dg3rF0x or *B4dg3rF0x*. Don't rely on this: password-cracking tools try those substitutions automatically, so the result is barely stronger than 'badgerfox'.

Use a different password for every program or system, so that one leaked or guessed password (whether from a breached website or from someone with bad intentions, such as a disgruntled employee) cannot unlock the others. A password manager makes this practical by generating and remembering unique passwords for you.
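To show why the three-random-words advice beats letter-for-number substitution, here is an added example that is not part of the original article: a small Python script that generates a passphrase with a cryptographic random source, works out how much entropy a passphrase carries for a given word-list size, and then undoes the common substitutions to reveal that 'B4dg3rF0x' is really just two dictionary words. The word list and the substitution table are constructed for the demo; a real generator should draw from a published list of several thousand words.

```python
import math
import secrets
import string

# Constructed word list for the demo only; a real generator should use a published
# list of several thousand words so that three words give a useful amount of entropy.
WORDS = [
    "badger", "fox", "copper", "lantern", "meadow", "violin", "harbour",
    "pebble", "saffron", "glacier", "kettle", "marble", "orchid", "tundra",
]

# Substitutions that password-cracking tools undo automatically.
LEET_MAP = {"4": "a", "3": "e", "0": "o", "1": "i", "5": "s", "7": "t", "@": "a", "$": "s"}


def generate_passphrase(words=WORDS, count=3, sep="-"):
    """Pick `count` words with a cryptographic RNG (never random.choice) and join them."""
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_bits(list_size, count):
    """Entropy in bits of `count` words drawn uniformly from a list of `list_size` words."""
    return count * math.log2(list_size)


def undo_leet(password):
    """Map common digit/symbol substitutions back to letters, lower-cased."""
    return "".join(LEET_MAP.get(ch, ch) for ch in password.lower())


def is_leet_dictionary_word(password, words=WORDS):
    """True if the password is one or two dictionary words dressed up with substitutions."""
    core = undo_leet(password).strip(string.punctuation)
    for first in words:
        if core == first:
            return True
        if core.startswith(first) and core[len(first):] in words:
            return True
    return False


if __name__ == "__main__":
    print("suggested passphrase:", generate_passphrase())
    print(round(passphrase_bits(7776, 3), 1), "bits for three words from a 7776-word list")
    print(round(passphrase_bits(len(WORDS), 3), 1), "bits from this tiny demo list")
    for candidate in ("*B4dg3rF0x*", "meadow-violin-pebble"):
        print(candidate, "-> leet-disguised dictionary words:", is_leet_dictionary_word(candidate))
```

Three words from a 7,776-word list give roughly 39 bits of entropy, which is far beyond anything the two-words-plus-substitutions trick achieves, because the cracker's candidate list already contains every dictionary word in every common substitution.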

2. Staying updated

You are not alone in battling against cyber-crime. The makers of every program and device you use ship fixes for security flaws as they are found, but those fixes only protect you once they are installed, and attackers routinely scan for systems still running the old version.

Set your devices and software to update automatically wherever you can, act promptly on prompts for new versions, and replace any software or hardware that no longer receives security updates at all.

3. Back up your data

All of the essential information that your business depends on needs to be stored in more than one place.

This means you can retrieve it quickly in the event that it is stolen, encrypted by ransomware or destroyed.

At least one copy should be kept on a completely different system from the one you work on day to day, such as a reputable cloud backup service or an external drive that is disconnected when not in use, because ransomware will encrypt any backup drive it can reach. Test restoring from the backup from time to time: a backup you have never restored is an assumption, not a safeguard.

4. Antivirus and firewalls

Antivirus (or endpoint protection) software detects and blocks malicious files and programs on a device; a firewall controls which network connections are allowed in and out. They do different jobs and you need both.

You should have them on every device used for business functions, including any personal phone or computer that is used for work.

5. Educate your staff

You won’t be able to completely stop phishing emails getting through, or ensure that your employees never come into contact with malware-infested websites.

If you take the time and effort to make sure everyone at least knows what to look out for, how to avoid it and what to do if they accidentally click on a bad link or attachment, you will be much safer. Make it easy and blame-free to report a mistake: an employee who admits to a bad click within minutes gives you a chance to contain it, while one who hides it for fear of trouble does not. Remember:

Nigerian princes have much better ways to ship gold into the UK than by emailing random people.

Protecting your customers

Your customers will be concerned about cyber safety too.

If you store things like email addresses, home addresses and especially payment details, it is up to you to make sure this data does not fall into the wrong hands. Under UK data protection law you can be fined for failing to protect it, and the people affected can claim compensation from you.

As well as taking the steps outlined above, you may also want to think about the following steps.

  • Create a privacy policy document that sets out exactly what data you collect, why, how long you keep it and how you use it. Make this available to all new and existing customers, and collect only the data you actually need: you cannot lose what you never stored.
  • Encrypt customer data both in transit (HTTPS on your website and any API) and at rest (on disks, in databases and in backups).
  • Use third party payment processors to handle customer financial information, so that card details never touch your own systems and you only hold a reference to the transaction (these companies are subject to strict payment-industry security standards and are far better placed to meet them than a small business).
  • Regularly test your website and computer infrastructure for vulnerabilities, and fix what you find.
  • Put a disaster recovery plan in place in case data is lost or stolen, covering who decides what, how you would tell affected customers, and how you would notify the Information Commissioner's Office within the 72 hours the law allows for a reportable breach.
  • Take out cyber insurance, and check what security measures the policy requires you to have in place; a claim can be refused if you did not have them.

Maintaining cyber security

Once you’re satisfied that your cyber systems and policies are as secure as possible, be sure to stay on top of it.

If you can get it right at the start, future maintenance should be largely about checking for updates, continuing to train employees well, and revisiting your defences whenever you add a new system, supplier or way of working.

Unfortunately, the weakest link in the security chain is often the people who work for you, so time spent on their cyber training is rarely wasted.

Nick Green
Nick Green is a financial journalist writing for Unbiased, the site that has helped over 10 million people find financial, business and legal advice. Nick has been writing professionally on money and business topics for over 15 years, and has previously written for leading accountancy firms PKF and BDO.