28 January 2019

Data Protection: top tips for small businesses

Today is Data Protection Day, an international event to raise awareness and promote best practices on privacy and data protection.

FSB research revealed that two thirds of small businesses were either unaware of the risks of cybercrime or were aware of them but did not consider them a risk to their business. Alarmingly, however, 66% of SMEs have been affected by cybercrime.

This is a stark reminder of the growing risks from cybercrime that businesses face, as we know that small businesses can be particularly susceptible to this type of crime. One simple step to keeping your data safe is to use strong and random passwords, yet only 25% of SMEs have a ‘strong’ password policy in place.

So how should small firms protect themselves? The first stop should be the National Cyber Security Centre website and Twitter feed to ensure you stay up to date with the latest advice. FSB offers its members a cyber-advice line and cyber insurance protection, which could prove invaluable in the event of an attack.


As always, there are several free and simple steps that business owners can take to reduce their risk of contracting all types of malware including ransomware, of which WannaCry and Petya are just two:

  1. Ensure software and devices are kept up to date and all available security patches are installed. Upgrade devices to their latest operating system version where possible.

  2. Have a robust and regular backup solution which allows you to recover from a malware outbreak. Having an offsite or cloud backup is also invaluable in the event of a natural disaster or accident such as a flood or fire.

  3. Raise awareness of cyber security risks and promote vigilance within the company. Employees are often a last line of defence against attacks that have bypassed technological barriers and a simple action such as not opening an email attachment may prevent a huge impact to the business.

If a small business is concerned about contracting ransomware or other malware, FSB’s Cyber Advice Line is able to expand on the advice above and provide actionable steps on reducing the risk for your business. In the event that your business becomes infected with ransomware, the FSB Cyber Advice Line is able to help you manage the incident and can provide advice on preventing the spread of the malware and recovering from the infection.

Beyond ransomware and other types of malware – such as viruses, spyware, Trojans and worms – small businesses are susceptible to other types of cybercrime, one of the fastest growing areas of crime globally. These include phishing and spear phishing emails, whaling, and CNP (card not present) fraud.

‘Invoice fraud’ phishing attacks are becoming all too common in the small business sector. This is where a business email account is illegitimately accessed and used to send, or modify, customer invoices with altered payment details. Such crimes often cause thousands of pounds of lost revenue and have a high success rate.

A cybercrime incident costs a small business victim nearly £3,000, and takes more than two days to recover from. According to a recent report FSB published, a staggering seven million cyber-crimes are committed against smaller businesses in the UK every year.

Please don’t take risks – ensure you’re following the best expert advice and also have specialist cyber insurance in place.