IT security

Technology is at the heart of every small business, with everything from business accounting to marketing and customer support able to be done online. As we do more on mobile, and shift processes to the cloud, ensuring you have systems and processes in place to protect you, your customers and your data are more critical than ever. It’s crucial that you recognise the potential IT security threats that your business faces – and develop plans to tackle them.

IT security issues

The government's annual security survey revealed that in 2024 half (50%) of all businesses and 37% of charities had to cope with at least one security threat in the previous 12 months. Every connection, every device and even every customer could be a danger to the integrity of your IT systems.

The survey revealed that:

• the most common type of breach or attack is phishing (84% of businesses and 83% of charities)
• 35% of businesses and 37% of charities were victims of impersonation crimes (others impersonating them in emails or online)
• viruses or other malware affected 17% of businesses and 14% of charities

Common IT security risks your business is exposed to include:

• Data protection breaches. Data is one of your most significant assets. It's essential that you protect it from IT security threats, including physical dangers (fire, flood and the loss or theft of equipment containing data), malicious attacks and accidental deletion. Remember to comply with data protection and GDPR rules.
• IT security attacks. Hackers and cybercriminals may target your business. They can use sophisticated ways to gain access to your systems, including malicious websites, dodgy software, viruses, malware, spyware or spam.
• Cloud threats.  Storing documents and information in the cloud can be cost-effective and efficient, but it can be risky. Hackers can crack passwords to gain access to your files, including financial information and accounts and customer details.
• Mobile dangers. Using your mobile or tablet for work gives hackers a potential gateway to your organisation. Linked email accounts, cloud software packages and stored passwords on your mobile are all risks you must manage.
• Your employees. Whether by accident or design, the people in your business can be the most significant single source of business IT security problems. Carelessness, fraud or disgruntled employees can all cause security issues.

The potential losses you could face if your systems are compromised are enormous. How would you cope if your business lost its entire customer database, or couldn't send or receive emails?

Support to manage your IT security

Your IT system is only as secure as the people who use it. As well as developing and maintaining robust IT security systems that can secure you against all known threats, you need to ensure that everyone in your business understands the importance of IT security – and is committed to keeping you protected.

To support small businesses, the government offers:

• the small business guide to cyber security from the National Cyber Security Centre (NCSC)
• advice for sole traders and the self employed from the NCSC
• a free NCSC cyber action plan
• a free tool that will allow you to check your cyber security
• advice on how to respond to an attack
• Cyber Essentials - the government-backed certification scheme (The NCSC recommends Cyber Essentials as the minimum standard of cyber security for all organisations) 
• guidance on information and data security from the Information Commissioner's Office

"Introduction to Cyber Security" is an online course from FutureLearn for IT professionals and individuals. It aims to raise awareness of cybersecurity and help people improve their knowledge and skills. Completing the course will give you useful skills to help your business stay safe online.

Creating and enforcing clear and simple IT policies outlines to staff what behaviour is, and isn't, acceptable. By signing up to a safe use policy, your team are taking responsibility for their role in IT security and digital protection.

Finding the right balance between freedom and control is a challenge. If your processes and systems are too restrictive, your staff may seek shortcuts to get the job done. However, if your processes are not rigorous enough, sloppy security processes could provide easy gateways for cybercriminals and hackers to target your business.

Although your legal obligations - most notably data protection and the GDPR rules - are important, don't focus solely on these. Your obligations under the law tend to reflect good business IT security. In most cases, information management is about exercising common sense.

Implementing rigorous IT security controls can give you a competitive edge, helping you win new contracts and communicate to existing customers that their protection is your priority. For example, the Government requires all suppliers of contracts involving personal information and some ICT products and services to hold a 'Cyber Essentials' badge.

Prevent and cure IT security issues

IT security should be an integral part of your business' approach to purchasing and using IT equipment and services. Consider IT security issues and risks from day one. If you wait for a problem to occur before taking action, it's far too late.

There are many preventative measures you can take to build up your business IT security, including installing security software, using a firewall and keeping all software up-to-date.

A security plan lists all the potential risks your business faces, the likelihood of them happening and the damage they might cause. Having a plan forces you to consider the risks methodically and plan your IT security provision properly, ensuring that no danger is missed or ignored.

As well as taking steps to stop IT security problems occurring in the first place, think about how you'd cope if something did go wrong. Having backup options is vital - in the event of any IT security issues affecting your business, you'll want to get up and running again with minimal disruption.

In the world of IT security, planning for failure is the key to success.