top of page

Cyber-criminals are always shopping for the next big opportunity – don’t let it be you!

Earlier this year a report was released that suggested 70% of young people plan to start a company in the next twelve months. And it’s down to two key factors that they are able to flex their entrepreneurial muscles - social media, where they have the opportunity to utilise it as their retail platform and the Covid-19 pandemic which saw retail transform as businesses either launched online, or joined online marketplaces.

Yet, the majority don’t realise how much their business is vulnerable to a cyber-criminal, especially with cyber-crime on the rise - last year alone £2.5billion was stolen from UK businesses.

One example of how a business, which operated on social media, became a victim of a cyber-crime was widely reported. A Welsh holiday company that had previously had TV personalities Joe Swash and Stacey Solomon as guests, had its Instagram account hacked and the perpetrators were demanding money for the return of the account.

The celebrity involvement may have brought this to the media’s attention, but many go unreported. The impact of an account takeover of this type of business can lead to significant financial loss, but also a negative impact on its reputation.

There are many micro and small companies that operate using a social media platform as their main route to business. Social media can help your business attract customers and build customer loyalty. It can be particularly attractive to those very small organisations keen on minimising their running costs.

If you are using a social media platform to run your business, then what can you do to improve your cyber resilience?

There are some simple steps you can take:

· Use a strong password – The National Cyber Security Centre (NCSC) recommends using three random words, and you could then include capitals, numbers and symbols, for example pian0Bottlecurta!n.

· Enable Two-Factor Authentication – by using two-factor authentication once your password has been accepted, a further form of authentication is required so that access can’t be gained if the hacker doesn’t have that connected device.

· Don't fall for Phishing - don’t click on unknown links or files that you have received as these could potentially download malicious software to your device or send you to a site set up to deceive you into giving sensitive details such as passwords.

· Check Login Activity – By looking at previous activity you may identify a log on location you don’t recognise, it could be a sign that an unauthorised person has accessed your account. If so, log out and change your password.

· Update your software (Patching) – if an update becomes available then install it. These updates often include security fixes when vulnerabilities are identified.

· Secure Payment Options – if you are conducting e-commerce through social media add a passcode to your credit card which will add an extra layer of security.

· Revoke Access to Third-Party Apps – have a look how many third-party apps connect to your app. These are there to provide additional functionality but it's easy to lose track of how many apps you've connected to your account and review whether they need to have access.

By taking these steps you reduce the chances of a cyber-criminal taking over your business, enabling you to continue to successfully trade.

To help you set up multi-factor authentication we have collated these useful links for the following social media platforms:







The National Cyber Security Centre also provide the following guidance for setting up two-factor authentication for email accounts:

The Cyber Resilience Centre for Wales is there to support sole traders, micro-businesses and SMEs across the region. We offer free membership which will inform you of the current threats and simple steps to take to reduce your vulnerability to an attack. By becoming a member, you will have the opportunity to speak to one of the team about your own cyber security and concerns.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page