What every start-up should know when setting up in business

Updated: Jun 25

Last year, over 8,900 people in Wales launched a new company, according to recent figures from the website Capital on Tap, more than double the 4,400 who did so in 2019.


And, with 98% of UK businesses now operational online in one way or another, benefiting hugely from the use of websites, social media, staff email addresses, online banking, and the ability for customers to shop online, it’s no surprise that cybercrime is on the up.


Latest government statistics show over four in ten (43%) of all businesses and charities experienced a cyber breach or attack in the past year. This included computer viruses, hacking, theft of data and theft of financial information. And it can happen to ANYONE!


So, as a start-up business, along with the usual checklist of things you must do – such as registering yourself with Companies House, setting up a bank account, getting clients and customers – what cyber security should you be considering to ensure your brand-new company is as safe as it can be?


We have compiled a list below of the top five steps you should take when setting yourself up in business.


1. Backing up your data

No matter how small your business is, you should make regular backups of your important data, make this part of everyday business, and check that the backups can be easily restored. Identify what data needs backing up, and always keep your backup separate from your computer. One option is cloud storage (this is where a service provider stores your data on its infrastructure), which means your data is physically separate from your location.


2. Protecting yourself from malware (malicious software/web content that can harm your business)

The most well-known kind of malware is the virus, a self-copying program that can infect your software. So, to tackle these unwanted invaders, what should you consider?

· Install and turn on antivirus software.

· Keep all your IT equipment and software up to date.

· Ensure the number of USB drives and memory sticks you use are kept to a minimum - it only takes a single user to inadvertently plug in an infected stick (such as a USB drive containing malware) to devastate the whole organisation.


3. Keeping your smartphones and tablets safe

These are equally, if not more, important to protect against cyber criminals, as they operate as an extension of the office. Always switch on password protection, keep your device and its apps up to date, and never connect to unknown Wi-Fi hotspots.


4. Always use passwords to protect your data

Keeping your confidential information secure is crucial, and passwords are an effective way to protect yourself from unwanted users accessing your devices.

· When buying your new computer, laptop or mobile, you must change the default password – this is the start-up password that comes from the manufacturer.

· Make sure you switch on password protection.

· Avoid using predictable passwords.

· Use two-factor authentication for your important accounts (this is where you require two different methods to 'prove' your identity before you can use a service, such as a password plus a code).


5. Avoid phishing attacks (and no, this is not a spelling error)

This is where attackers send fake emails asking for sensitive information (you have probably already received several), ultimately trying to get you to send money and to steal your details. Staying one step ahead by knowing what these emails look like is key. So, here’s what to look out for…

· Bad spelling and grammar. If the email has graphics (a company logo, etc.), is the design what you would expect it to look like?

· Does it refer to 'valued customer', or 'friend', or 'colleague'? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.

· Does the email ask you to act urgently? Be suspicious of phrases like 'send these details within 24 hours' or 'you have been a victim of crime, click here immediately'.

· Look out for emails that appear to come from a high-ranking person within your organisation, requesting that a payment is made to a particular bank account. Look at the sender's name. Does it sound legitimate, or is it trying to mimic someone you know?


Here at The Cyber Resilience Centre for Wales, we offer a range of services for businesses to help identify your digital vulnerabilities and weaknesses or, if you are a victim of a data breach, we can run an individual internet investigation that would identify what personal or private information is publicly available online.


We also offer a range of membership packages, including our free core option, that are designed to help your business become more cyber resilient.
