How to keep your business safe online

Cyber Awareness Month is here! We want to share our top tips for keeping your business safe online.

In the UK, half of businesses (50%) reported having experienced some form of cyber security breach or attack in the last 12 months*. This increases year after year.

While the figures sound daunting, your business can stay one step ahead of cybercrime. All you need to do is improve your cyber hygiene in a few easy steps.

 

Stay vigilant to phishing risks

91% of cyber-attacks are launched via phishing (malicious emails). It’s important for you and your staff to know what a phish looks like and what to do when you receive one. Check for signs of phishing such as:

  • Unexpected emails with urgent requests (e.g. to share sensitive information or pay an invoice)
  • Emails that aren’t addressed to you directly (e.g. ‘Dear customer’)
  • Suspicious links, attachments, or QR codes in emails
  • Too good to be true offers (e.g. investment opportunities).

 

If you receive a phish, you should report it immediately to the National Cyber Security Centre -  report@phishing.gov.uk.

If you receive a suspicious email pretending to be from Santander, you should report it to phishing@santander.co.uk.

 

Look out for HMRC scams

HMRC scams are common. Tax rebates are not.

If you get a call, email or text claiming to be from HMRC stop and think before acting.

Visit the HMRC website to:

  • Find out how to report suspicious calls, emails or texts
  • See examples of scam emails and texts
  • Check a list of genuine HMRC contacts.

 

Keep your devices safe

Your staff might use corporate laptops or bring their own. Either way, devices that contain company sensitive information need to be protected.

Make sure all devices are:

  • Secured with strong passwords or passphrases. Enable multi-factor authentication (such as fingerprint recognition or PINs) on all devices.
  • Backed up. Often. Reduce the risk of loss of information if the device is lost or stolen.
  • Updated with the latest security patches. Often. Have auto-updates enabled where possible.
  • Not connected to public, unsecure Wi-Fi hotspots. Reduce the risk of unauthorised access to data or the device.

 

Protect your information

Your business’ reliance on sensitive data is bigger than you might think. Customer details, strategy documents, HR data – it all needs to be protected.

When handling sensitive information make sure you:

  • Have policies on correct data handling. For example, a policy that ensures confidential information is encrypted.
  • Consider restricting higher access levels to need-to-know roles. For example, restricting strategy document libraries to senior leaders.
  • Regularly review and audit the information you keep. Do not store too much information that is no longer needed or non-compliant.

 

Complete our interactive Cyber Heroes training

To celebrate Cyber Awareness Month, we’ve launched some new customer training, Cyber Heroes. Work through real-life scenarios and put these tips into effect to keep businesses and people safe online.

Take the training here.

 

Report fraud

If you think you’ve been targeted by fraud or a scam, read our page on how to report it.

If you’re concerned call us straight away. We can protect your account.

You can call our fraud team anytime on 0330 123 9860 or 0800 011 3414 (freephone). If you're outside the UK call us on +44 1908 237 968.

 

*Cyber security breaches survey 2024 - GOV.UK