In a business, keeping safe online isn’t just “someone else’s job”.

Impersonation fraud, data breaches, ransomware attacks and other cybercrimes happen to businesses like yours every day.

Businesses and charities are some of the most attractive targets for fraudsters, tending to have more money and hold more data than private individuals. The outcomes of a cyber or information security incident can range from inconvenience to considerable financial losses, reputational damage and even business failure.

With around 95% of all cybersecurity issues traceable to human error**, It’s vitally important that everybody in your organisation – whatever their role – takes responsibility for online safety and doesn’t pass it off as “somebody else’s job”. After all, it can take only one slip-up to cause a major cyber incident.

Safeguard your business from online threats with these top tips:

Make effective cybersecurity part of your organisation’s culture, starting with new joiners and continuing with regular training and education sessions for all employees (and where appropriate, contractors and in the case of charities, trustees and volunteers).
All passwords should be chosen, used and protected carefully, with a different one used for every online account. Using three random words and adding capitals, numbers and symbols is a good way to start.
Updates to software, apps and operating systems should always be downloaded when prompted, as they frequently contain security fixes. Better still, your systems and programs/apps should be set to download updates automatically.
Reputable internet security software and apps should always be loaded, kept updated and switched on.
Confidential financial information or details of customers, employees and other stakeholders (organisations or individuals) should never be revealed in response to emails, phone calls or letters. All such requests – or instructions to make payments or change payee details – should be checked as being genuine, as communications may not be from whom they seem. If in doubt, it’s best to call the company phone number which you have on file.
Attachments, or links in emails, texts or social media should never be clicked on if the source isn’t 100% known and trustworthy. Check if a website is likely to be legitimate or fraudulent at www.getsafeonline.org/checkawebsite.
Customer and employee data should be protected at all costs to avoid breaches and contravening data protection legislation. Access to all company data by both employees and third parties should be closely controlled.
You should also consider gaining certification to the government’s Cyber Essentials scheme. If you want to do business with the government or are in a government supply chain, you may be obliged to do this anyway.

For expert, practical, free advice visit www.getsafeonline.org/safebusiness

Explore our range of useful free to use tools to help your business and yourself keep safe online, at www.getsafeonline.org/selfhelptoolcentre

Get Safe Online offers partnership programmes which support businesses to safeguard themselves and their customers and other stakeholders from online threats. To enquire, visit www.getsafeonline.org/becomeapartner

*The Cyber Security Breaches Survey, April 2024 from the UK Department for Science, Innovation & Technology and the Home Office reveals that 50% of businesses and 32% of charities report having experienced a cybersecurity breach or attack in the last 12 months.

**World Economic Forum