Cybersecurity Best Practice
Cybersecurity Best Practice: A Guide of Dos and Don’ts
The recent wave of cyber attacks on UK businesses has highlighted the ever-present threat landscape that businesses currently face. The high-profile cyber attacks on Marks & Spencer, Co-op, and The Legal Aid Agency have disrupted operations, stolen sensitive data, and caused significant financial losses. These attacks are a stark reminder that cyber threats are always evolving and can strike at any time, regardless of a business’s size or reputation. As cyber criminals become more sophisticated, it’s crucial for all organisations to stay vigilant and proactive in their cybersecurity efforts.
To help with this, we thought we’d offer some guidance on cyber security best practice, with a guide of dos and don’ts…
Do:
Do Regularly Update Software and Systems
Why: Keeping your software and systems up to date ensures you have the latest security patches and features. Once a vulnerability becomes public, the details and often working exploit code circulate quickly, on public advisory sites as much as on criminal forums, and attackers scan the internet for systems that haven’t yet been patched. If you don’t keep on top of the security patches that repair these vulnerabilities, cyber criminals can use them as an entry point to your systems. Unpatched internet-facing systems such as VPN gateways, firewalls and mail servers are a particularly common way in, so those should be patched first and fastest.
How: Regularly check for updates for all your software, including operating systems, applications, firmware on network devices, and security tools. Turn on automatic updates wherever you can, keep an inventory of what you run so nothing is forgotten, and check that updates have actually been installed rather than just downloaded. If you work with an IT provider, then discuss whether this is something they can manage for you.
Do Use Strong & Unique Passwords
Why: Weak passwords are an easy target for hackers. Many people imagine that a hacker sits trying to think of what your password might be, and assume it will take a hacker as long as it would take them to guess a password. In reality, hackers have software that does it for them: a brute force attack cycles through combinations automatically until one works, and a dictionary attack tries the millions of passwords people are known to use. Most of this cracking happens offline against password hashes stolen from a breached website, so there is no login screen to slow the attacker down, and any passwords recovered are then tried against other services automatically (this is known as credential stuffing).
How: Use long (18+ character) passwords with a variety of numbers, symbols, and upper and lower case letters, or a passphrase of three or more unrelated random words, which is just as hard to crack and much easier to remember. As an example, a password of 4 characters with a mix of numbers, symbols, and upper and lower case letters can be cracked via brute force literally instantly. A password of 18 characters with a mix of numbers, symbols and upper and lower case letters is estimated to take 52 quintillion years. Treat figures like these as rough guides: they assume offline cracking on current hardware and depend heavily on how the website stored your password, and no amount of length protects a password that has already leaked in a breach. Additionally, ensure you have a different password for every account – if you reuse them, a single breached website hands a hacker a working password for every other system where you used it, and attackers try leaked passwords elsewhere automatically. We cannot stress the importance of this enough! We recommend using a password manager to generate your passwords and keep track of them.
Do Enable Multi-Factor Authentication (MFA)
Why: MFA means that even if a hacker has your password, they can’t access your accounts without approval via a second method (usually an authentication app on your phone, or a hardware security key). This, in combination with a long, complex password, will keep your accounts pretty secure! Two caveats: an authenticator app or hardware key is stronger than a code sent by text message, and never approve a login prompt you didn’t trigger yourself. An attacker who already has your password will send prompt after prompt hoping one gets approved, or will phone a member of staff pretending to be IT and ask them to approve it.
How: Implement MFA for every account or piece of software that supports it, for every user in your organisation, starting with email, remote access (VPN and remote desktop) and administrator accounts. Again, if you work with an IT provider, discuss whether they can help you with this.
Do Backup Your Data Regularly
Why: Backups ensure you can recover your data in case of a cyber attack or data loss. You should be backing up your business critical data at a minimum, but ideally you should back up all the data you’d need to continue business as normal. Make sure you’re also backing up your Microsoft 365 data – just because it lives in the Cloud, doesn’t mean it’s backed up! Keep at least one copy somewhere that can’t be reached from your normal network (offline, or in storage that can’t be altered or deleted for a set period), because ransomware attackers look for and destroy any backups they can reach before they encrypt your files.
How: Use a Cloud backup service that automates the backups, doing the work for you. Testing your backups is crucial as well – backing up is great but only if you can actually restore it quickly and easily. Do a full restore test on a regular schedule, check that the restored files are complete and intact, and time it: if restoring takes three days and your business can only survive one, you need a different approach.
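The restore test can be scripted so that it runs every time rather than once a year. The example below is added here (it is not the page’s own tooling or any backup product’s code) and uses only Python’s standard library: it backs up a constructed sample directory, records a SHA-256 manifest of every file, restores the archive into a scratch directory and compares every restored file’s hash against the manifest, and then shows the same check catching a truncated archive. The directory names and file contents are invented for the example.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: Path) -> dict[str, str]:
    """Relative path -> SHA-256 for every regular file under root: the list of
    what a restore must bring back, byte for byte."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(src: Path, archive: Path) -> dict[str, str]:
    """Write a gzip tarball of src and return the manifest taken at backup time.
    Keep the manifest with (but separate from) the archive."""
    with tarfile.open(str(archive), "w:gz") as tar:
        tar.add(str(src), arcname=".")
    return manifest(src)


def restore_test(archive: Path, expected: dict[str, str]) -> tuple[bool, list[str]]:
    """Restore into a throwaway directory and compare every file with the manifest.
    An archive that cannot be read at all is a failed test, not an exception."""
    # The 'data' extraction filter refuses path-traversal members; it exists on
    # Python 3.12+ and the patched 3.8-3.11 releases, so use it when available.
    safe = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(str(archive), "r:gz") as tar:
                tar.extractall(scratch, **safe)
        except (tarfile.TarError, OSError, EOFError) as exc:
            return False, [f"archive unreadable: {exc}"]
        restored = manifest(Path(scratch))
    problems = [p for p, digest in expected.items() if restored.get(p) != digest]
    problems += [p for p in restored if p not in expected]   # unexpected extras
    return (not problems, problems)


def demo() -> dict[str, bool]:
    """End-to-end run on constructed data: back up a small tree, prove it restores,
    then truncate the archive (a stand-in for a corrupted or half-written backup)
    and show the check catching it."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "data"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "q1.csv").write_text("invoice,amount\n1001,250.00\n")      # constructed
        (src / "notes.txt").write_text("constructed sample data, not real records\n")  # constructed
        archive = work / "backup.tar.gz"
        expected = create_backup(src, archive)
        healthy, _ = restore_test(archive, expected)
        raw = archive.read_bytes()
        archive.write_bytes(raw[: len(raw) // 3])   # simulate a partially written archive
        damaged, _ = restore_test(archive, expected)
    return {"healthy_backup_restores": healthy, "damaged_backup_restores": damaged}


if __name__ == "__main__":
    print(demo())
```

Running the check on a schedule, and treating a failed restore as an incident rather than a log line, is what turns “we have backups” into “we can recover”.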
Do Educate Your Employees
Why: Human error is estimated to play a role in as many as 95% of data breaches. Weak and reused passwords, neglecting software updates, clicking links without thinking, falling for phishing scams… unfortunately, the list goes on. Users outside of the IT space more often than not don’t understand how cyber attacks work or the impact they have. Without this knowledge, following cyber security best practice can seem annoying and unnecessary. Education is crucial to ensure all your users know the importance of cyber security, the key things to look out for and avoid, and that reporting a mistake straight away (a link clicked, a password typed into the wrong page) is always welcome, because early reporting is what limits the damage.
How: Conduct regular cybersecurity training sessions to keep employees informed about the latest threats and best practices. Consider taking it one step further with phishing simulations to measure where the knowledge gaps are, and penetration testing to find the technical weaknesses in your systems.
Don’t:
Don’t use public WiFi for business
Why: On a network you don’t control, whoever runs it, or whoever has set up a lookalike hotspot with the same name, can see which services you connect to and can read or tamper with any traffic that isn’t encrypted. Most websites use HTTPS now, which limits what can be intercepted, but older applications, internal systems and file shares often don’t.
How: Use a Virtual Private Network (VPN). This creates an encrypted tunnel from your device to your company network (or your VPN provider), so all the local network can see is encrypted traffic. This is crucial if you’re accessing business sensitive data. Make sure the VPN is connected before you open any business applications, and where you have the choice, a mobile phone hotspot is a simpler and safer option than public WiFi.
Don’t Forget to Monitor and Respond to Threats
Why: Continuous monitoring is essential for detecting and responding to threats in real time. The only thing worse than suffering a cyber attack is realising you suffered one months ago and haven’t noticed or responded! Attackers who get in usually spend days or weeks exploring and stealing data before they do anything visible, so the sooner you spot them, the less they take. By keeping an eye on your systems, you’ll be able to identify potential breaches as they occur. Additionally, having a comprehensive, tried and tested incident response plan will ensure that if you do get breached, you’ll know exactly what to do to contain it and recover.
How: Use security information and event management (SIEM) tools, and feed them the logs that matter most: logins (especially failures, MFA prompts and logins from unusual locations), changes to administrator accounts, and alerts from your endpoint protection. Set up alerts for the patterns that indicate an attack in progress, such as many failed logins against one account, or one source trying many accounts. Also, establish an incident response plan and test it regularly: it should say who to call, who can authorise taking systems offline, and how you’ll restore from backup, and a copy should be kept somewhere that still works when your systems don’t. Speak to your IT provider about setting these up if they’re not already.
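As an added, deliberately simplified example of the kind of rule a SIEM runs (written for this page, not the page’s own tooling or any product’s detection content), the code below parses a handful of constructed authentication log lines and raises the three alerts a practitioner would want: repeated failures against one account (brute force), one source address failing against many accounts (password spraying or credential stuffing, the automated attacks described under passwords above), and a success from a source that had just been failing, which is the moment an account was probably taken over. The log format, user names, IP addresses (taken from the documentation ranges) and thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (invented users, documentation-range IPs), not real data.
SAMPLE_LOG = """\
2025-05-12 09:00:01 auth=FAIL user=alice src=203.0.113.5
2025-05-12 09:00:07 auth=FAIL user=alice src=203.0.113.5
2025-05-12 09:00:13 auth=FAIL user=alice src=203.0.113.5
2025-05-12 09:00:20 auth=FAIL user=alice src=203.0.113.5
2025-05-12 09:00:26 auth=FAIL user=alice src=203.0.113.5
2025-05-12 09:00:33 auth=FAIL user=alice src=203.0.113.5
2025-05-12 09:00:40 auth=OK user=alice src=203.0.113.5
2025-05-12 09:02:00 auth=FAIL user=bob src=198.51.100.7
2025-05-12 09:02:01 auth=FAIL user=carol src=198.51.100.7
2025-05-12 09:02:02 auth=FAIL user=dave src=198.51.100.7
2025-05-12 09:02:03 auth=FAIL user=erin src=198.51.100.7
2025-05-12 09:02:04 auth=FAIL user=frank src=198.51.100.7
2025-05-12 09:05:10 auth=FAIL user=grace src=192.0.2.10
2025-05-12 09:05:25 auth=OK user=grace src=192.0.2.10
this line is not in the expected format and must be skipped, not crash the parser
"""

# Assumed log format: "<date> <time> auth=<OK|FAIL> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) auth=(?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_events(text: str) -> list[dict]:
    """Turn raw lines into time-sorted events; lines that don't parse are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                           "result": m["result"], "user": m["user"], "src": m["src"]})
    return sorted(events, key=lambda e: e["ts"])


def max_in_window(fails: list[dict], window: timedelta, key=id) -> int:
    """Largest number of distinct key(e) values among failures inside any one window.
    With the default key=id every failure counts; key=lambda e: e["user"] counts accounts."""
    best = 0
    for i, start in enumerate(fails):
        seen = set()
        for e in fails[i:]:
            if e["ts"] - start["ts"] > window:
                break
            seen.add(key(e))
        best = max(best, len(seen))
    return best


def detect(events: list[dict], window: timedelta = timedelta(minutes=10),
           brute_threshold: int = 5, spray_threshold: int = 5,
           min_prior_fails: int = 3) -> list[dict]:
    """Three detections over authentication events. Thresholds are assumptions;
    tune them to your own login volumes."""
    fails_by_user, fails_by_src = defaultdict(list), defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            fails_by_user[e["user"]].append(e)
            fails_by_src[e["src"]].append(e)
    alerts = []
    for user, fails in fails_by_user.items():            # many failures, one account
        n = max_in_window(fails, window)
        if n >= brute_threshold:
            alerts.append({"kind": "BRUTE_FORCE", "subject": user, "count": n})
    for src, fails in fails_by_src.items():              # one source, many accounts
        n = max_in_window(fails, window, key=lambda e: e["user"])
        if n >= spray_threshold:
            alerts.append({"kind": "PASSWORD_SPRAY", "subject": src, "count": n})
    for e in events:                                     # success after a run of failures
        if e["result"] != "OK":
            continue
        prior = sum(1 for f in fails_by_src.get(e["src"], []) if f["ts"] < e["ts"])
        if prior >= min_prior_fails:
            alerts.append({"kind": "SUCCESS_AFTER_FAILURES", "subject": e["user"],
                           "src": e["src"], "prior_failures": prior})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG)):
        print(alert)
```

The third rule is the one to page someone for: the first two tell you an attack is being attempted, while a success from a source that was just failing tells you it probably worked, and the response plan (reset the password, revoke sessions, check what that account touched) should start immediately.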
Don’t Assume You’re Too Small to Be Targeted
Why: This is a trap many SMBs fall into. Much of today’s attacking is automated and indiscriminate: scanners look for any vulnerable system or reused password, with no interest in whose it is. Where attackers do pick their targets, they go for smaller businesses because they’re seen as easy. SMBs often don’t have the knowledge or resources to dedicate to cybersecurity, and as a consequence have weaker security measures in place. Smaller businesses are also a common entry point for supply chain attacks, meaning cyber criminals hack a small business as a stepping stone for hacking a bigger business it supplies.
How: As Pat McFadden MP stated during his speech at the CyberUK 2025 conference in Manchester, “cybersecurity is not a luxury – it’s an absolute necessity”. Recognising this is the first step. Next, protect your business by implementing security measures tailored to your needs. We’d recommend working with an IT partner to ensure your business is protected – this means you can lean on their knowledge and expertise and have confidence in your solutions.
Conclusion
Cybersecurity is an ongoing process that requires vigilance and proactive measures. By following these dos and don’ts, you can significantly reduce the risk of cyber attacks and protect your business’s critical data.
If you’d like any help with any of the above, please feel free to reach out to us using the form below.