top of page

Simple cyber tips for new small businesses

Since the pandemic the Welsh business start-up community is growing according to recent figures from insolvency and restructuring body, R3 which has recorded that the number of new businesses in the region has risen by more than half since December 2021 – 50.5%.

And, with 98% of UK businesses now operational online in one way or another, benefiting hugely from the use of websites, social media, staff email addresses, online banking, and the ability for customers to shop online, it’s no surprise that cybercrime is on the up.

A cyber-attack costs on average £4,200 which most SMEs and start-ups can’t easily afford so there are a few simple measures you can put in place to make sure your organisation is protected.

We have compiled the list below of the top five steps you should do when setting yourself up in business.

1. Backing up your data

No matter how small a business you have, regular backups of your important data should be made, making sure this is part of everyday business and can be easily restored. One option is using cloud storage (this is where a service provider stores your data on its infrastructure) and means your data is physically separate from your location.

2. Protecting yourself from malware (malicious software/web content that can harm your business)

The most well-known viruses can infect your software so, to tackle these unwanted invaders, here’s what should you implement.

· Install and turn on antivirus software

· Keep all your IT equipment and software up to date – this is called patching

3. Keeping your smartphones and tablets safe

These are equally if not more important to protect against cybercriminals as they operate as an extension of the office. Always switch on your password protection and keep your device and its apps up to date and never connect to unknown Wi-Fi hotspots.

4. Always use passwords to protect your data

Keeping your confidential information is crucial and passwords are an effective way to protect yourself from unwanted users accessing your devices.

· When buying your new computer, laptop or mobile, you must change the default password – this is the start-up password that comes from the manufacturer. Contrary to belief, they are not secure! Make it a priority to change them

· Make sure you switch on password protection

· Avoid using predictable passwords – we recommend using three random words in line with government advice

· Use two-factor authentication for your important accounts (this is where you require two different methods to 'prove' your identity before you can use a service, such as a password plus a code).

5. Avoid phishing attacks

This is where attackers send fake emails asking for sensitive information (you probably have already received at least several), ultimately trying to get you to send money and steal your details. Staying one step ahead in identifying what these emails look like will is key. So, here’s what to look out for…

· Bad spelling and grammar or if the email has graphics on (company logo etc.) is the design what you would expect it to look like?

· Does it refer to 'valued customer', or 'friend', or 'colleague'? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.

· Does the email contain ask you to act urgently? Be suspicious of words like 'send these details within 24 hours' or 'you have been a victim of crime, click here immediately'.

· Look out for emails that appear to come from a high-ranking person within your organisation, requesting a payment is made to a particular bank account. Look at the sender's name. Does it sound legitimate, or is it trying to mimic someone you know?

Here at The Cyber Resilience Centre for Wales, we offer a range of services for businesses to help identify your digital vulnerabilities and weaknesses or, if you are a victim of a data breach, we can run an individual internet investigation that would identify what personal or private information is publicly available online.

We also offer a range of membership options depending on what level of support businesses need. Free Core membership provides businesses with access to a range of resources and tools to help them identify risks and vulnerabilities, as well as providing guidance on the steps they can take to increase their levels of protection.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page