
Cyber security best practices: tips to keep your business safe online


By Katie Collins-Jones
22 Aug 2025

Whether you’re a freelancer, sole trader, contractor or small business owner, understanding and implementing cybersecurity best practices can mean the difference between safety and vulnerability. From phishing scams to ransomware attacks, the risks are real – but so are the precautions you can take.  

We’ll simplify practical, actionable strategies to help you keep your business safe online, reduce your exposure to threats, and build a resilient digital presence. 

The rising threat of cyber crimes 

Let’s face it – cyber threats aren’t just a tech problem anymore. They’re a daily reality for nearly everyone online, with cyber attacks increasing over recent years.

The UK government’s Cyber security breaches survey 2025 estimates that at least 1 in 5 businesses were a victim of at least 1 cyber crime in 2024/25, with phishing remaining the most common type of incident. 

Overall, it’s estimated that UK businesses experienced roughly 8.58 million cyber crimes of all types. That includes 680,000 non-phishing crimes across 2024/25.

Yet only 34% of microbusinesses have undertaken at least 5 of the 10 steps to cyber security. 

The National Cyber Security Centre’s (NCSC) wording on its site is quite long and mostly aimed at medium to large businesses. But there are plenty of takeaways for smaller businesses and the self-employed to apply to their own work.

So, let’s break them down to help you put these cyber security precautions into practice. 

Cyber security best practices 

The NCSC has lots of guidance on cyber security for businesses. The ‘10 steps to cyber security’ mentioned above are angled more towards medium and large businesses, but they’re still important for smaller businesses to consider.

Let’s look at how they can apply to the likes of the self-employed and SMEs: 

1. Asset management 

This is a crucial part of keeping your business safe online. Assets can encompass anything from internal documents and intellectual property to customer data, software, hardware and financial capital. 

Asset management is about creating, maintaining and monitoring inventories. This gives you visibility of assets within your business environment so you can track their status, location, usage and more. 

This can become a laborious task, especially for one-man-bands. But even basic asset management can be worthwhile and can feed into other cyber security basics. 

2. Risk management 

Every business will face risks; it’s inevitable. This step is about reducing the likelihood that a risk turns into a threat.

You should list potential cyber risks you might face and use this to inform other security related decisions. 

Think about: 

  • What’s important to your business (what to keep safe or what might be a target) 
  • How you work (what digital tools, services or platforms you use) 
  • Who you share data or files with 
  • The types of data you handle (sensitive information, personal data, confidential files) 

3. Training 

The best way to protect your business against cyber threats is to educate yourself on what you’re facing and get advice on keeping those threats out.

The NCSC has plenty of useful resources including their Cyber Aware education hub as well as their ‘Top tips for staff’ training which can be used by any business of any size. 

It’s also good to get clued up on the types of cyber crime – the Met Police have a great guide called The Little Book of Cyber Scams.

4. Configuration 

Configuration is about the systems you use. With technology and security constantly changing, you should make sure good security is built into your digital setup from the start. 

A few pointers: 

  • Use trusted & secure services – make sure any software or online tools you use are trusted and have security features built in. 
  • Apply security updates promptly – set up systems (like your laptop or website hosting) to install security patches automatically. Or set yourself reminders to install manually. 
  • Reduce vulnerabilities – try to keep the number of online accounts and digital systems you use/sign up for to a minimum. Remember to disable or remove unused accounts to give potential cyber criminals fewer points of access.
  • Use systems compatible with backups – many digital services and tools allow backups. Try to choose ones with this feature and make sure backups are stored securely and can be easily accessed if needed. 
  • Use a security monitoring tool – a basic monitoring and logging tool should be included in your configuration. This can help keep an eye out for suspicious activity and scan for compromises. Be sure to store logs separately from potentially vulnerable systems so hackers can’t access them.

5. Vulnerability management 

Most cyber crimes are possible because criminals take advantage of known or obvious vulnerabilities. 

Establish a reliable vulnerability management process or find a trusted tool or third party that can help you do this.

Doing other steps in these 10 security best practices can also contribute towards vulnerability management – like risk assessment, configuration and access management. 

6. Identity and access management 

Keeping business data secure is as much about who you let in as it is who you try to keep out. Find trusted ways to confirm the identity of anyone you allow to access important files and data.  

Use multi-factor authentication for your accounts, keep an eye out for suspicious account activity and consider password protecting any files you need to share with clients, customers or staff. 

7. Data security 

Data security is pretty much the foundation of cyber security best practice. Some more specific takeaways are: 

  • Back up your data – consider the 3-2-1 rule: 3 copies, stored on 2 media types (external drive & cloud), with at least 1 copy stored offline (hard drive or physical).
  • Encrypt sensitive data – Use email encryption and password protect business-critical folders. 
  • Consolidate files – Avoid having too many copies across multiple places. Being intentional with where you store data allows better control over access. 

8. Monitoring 

Covered slightly under other steps, logging and monitoring your systems and tools will help you understand if and when anything changes. If there’s a new login attempt, unfamiliar software is installed or files are edited out-of-hours, monitoring will help you spot this quicker and react promptly to limit any damage. 
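
As a small illustration of the checks described above, here is an added example in Python (it is not part of the NCSC guidance or the original guide). The log format, device names, approved software list and working hours are all made-up assumptions; real tools record events in their own formats.

```python
from datetime import datetime, time

# Constructed sample log lines (not real data): timestamp, event type, detail.
SAMPLE_LOG = """\
2025-08-18T09:12:44 login device=office-laptop
2025-08-18T10:03:10 file_edit path=invoices/2025-08.xlsx
2025-08-19T02:47:31 login device=unknown-android
2025-08-19T02:51:09 file_edit path=clients/contacts.csv
2025-08-19T14:20:00 install package=pdf-toolbar-free
2025-08-20T11:05:00 install package=libreoffice
"""

# Assumed values; in practice these come from your asset inventory (step 1).
KNOWN_DEVICES = {"office-laptop", "work-phone"}
APPROVED_SOFTWARE = {"libreoffice", "firefox"}
WORK_START, WORK_END = time(8, 0), time(18, 0)  # assumed working hours, Mon-Fri


def parse_line(line):
    """Split 'timestamp event key=value' into (datetime, event, value)."""
    stamp, event, detail = line.split(" ", 2)
    _key, _, value = detail.partition("=")
    return datetime.fromisoformat(stamp), event, value


def review(log_text):
    """Return (timestamp, reason) for every line that needs a closer look."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, event, value = parse_line(line)
        weekend = when.weekday() >= 5
        out_of_hours = weekend or not (WORK_START <= when.time() < WORK_END)
        if event == "login" and value not in KNOWN_DEVICES:
            alerts.append((when, f"login from unfamiliar device {value}"))
        elif event == "install" and value not in APPROVED_SOFTWARE:
            alerts.append((when, f"unfamiliar software installed: {value}"))
        elif event == "file_edit" and out_of_hours:
            alerts.append((when, f"file edited out of hours: {value}"))
    return alerts


if __name__ == "__main__":
    for when, reason in review(SAMPLE_LOG):
        print(when.isoformat(), reason)
```

Run against the sample lines, this flags the 02:47 login, the 02:51 file edit and the unapproved install, and leaves the routine daytime activity alone.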

9. Incident management 

If the worst happens, having an incident management plan in place can lessen the impact of a cyber incident. Make sure you know how to report cyber crime, how to use your monitoring tools to identify the vulnerability, and the steps you can take to limit cyber criminals’ access and mitigate the extent of any damage.

10. Supply chain security 

Linked to access management, supply chain security is what it sounds like – managing data security with those you work with in the supply chain. 

Maybe you send large files to clients using an online transfer tool, email sensitive information to employees or have to allow shared access to an online account for financial or legal services. 

However you work with the supply chain, make sure you can confirm the identity of who you’re sharing data with and can legitimise their need for access. It also helps to understand their security needs and protocols so that you can work together better (and more securely). 

Other ways to stay safe online 

The above covers the 10 steps of cyber security outlined by the NCSC. A few other points on how to stay safe online include: 

  • Make sure lost or stolen devices can be tracked
  • Understand how to turn on and use your computer’s security features (e.g. firewall & malware protection)
  • Don’t use unknown Wi-Fi hotspots. If you need to, use a VPN to encrypt your data
  • Be aware of your surroundings and make sure no one can view sensitive info or make note of any logins you use

Getting cyber incident support 

Available as an optional add-on with our Contractor Insurance, our Cyber Liability cover includes access to a 24/7 incident response helpline. Whether you’re dealing with a confirmed cyber incident or just suspect something might be wrong, we’ve got experts on hand to help.

That means you can get your cyber insurance alongside other cover like Public Liability, Professional Indemnity, Personal Accident cover and Employers’ Liability, all under one policy.  

If you’re interested to know more about what our policies cover, give our in-house experts a call on 01242 312 604 – we can help make sure you get the cover you’re looking for.
