A guide to Cyber Security for businesses

27 September 2021


Please be aware that this is a guide only and you should seek specific advice for your business*

Whilst no security system or plan can ever be 100% safe, it's important to be prepared to deal with an attack and to know what to do if your business falls victim to cybercrime.

Together with one of our partners, the Cyber Resilience Centre, which is a not-for-profit that helps companies develop resilience to cybercrime, we’ve put together a guide to cyber security to help you familiarise yourself with common cyber-attacks that could affect your business and how to prevent them.

What is cyber security?

Cyber security is important because of how much we all use our phones, computers and the internet. The running of businesses has changed considerably in the last five years, and cyber security's core function is to protect the devices you and your employees use, and the services we all have access to, both online and at work, from theft or damage.

We must work to prevent unauthorised access to the vast amount of business information we store on these devices and online, which includes details of our customers, employees and suppliers. Should access be gained, fraudsters can set up a company using your details, commit invoice fraud by obtaining details about your suppliers, and leak personal information about your customers and employees.

Your business should take the necessary steps to prevent cybercriminals from getting hold of your accounts, data, and devices as the detriment can be huge.

What are the most common cyber security threats that may affect your business?

  • Ransomware is a type of malicious software that threatens to publish or block access to a victim’s business or customer data unless a ransom is paid to the hackers.
  • Phishing is when attackers attempt to trick users into doing 'the wrong thing', such as clicking a bad link that attempts to gather personal or business information. Phishing-type messages are often sent via text message, social media, or by phone. However, the term 'phishing' is mainly used to describe attacks that arrive by email.
  • Malware is a malicious piece of software that enables unauthorised access to networks and is designed to cause damage to either a single computer or a network. Malware is activated when a user clicks on a malicious link or attachment, which leads to installing dangerous software. Examples of malware include viruses, which insert themselves into a computer program's code, and worms, which are pieces of malicious software designed to spread from computer to computer.
  • Weak passwords used by your employees, or the same passwords used for multiple accounts, can cause your company's data to become compromised. The National Cyber Security Centre (NCSC), which is an organisation of the UK government and the technical authority for cyber incidents, recommends that everyone use 3 random words to create a strong, unique password that they will remember.

How to make your business more secure from a cyber attack

1. Is your data backed up?

Your business should regularly back up documents and data in at least one other place to minimise the risk of losing everything if you get a ransomware virus.

You can back up data onto:

  • An external hard drive, making sure that the drive isn't connected at all times, as ransomware can infect devices connected to your network
  • A cloud server, making sure that the password you use for cloud servers and backups is a strong password and one you don't use anywhere else.

2. Are your staff aware of the latest email and text scams?

Make sure your staff are aware of common fraud threats such as phishing and malware and how to avoid them. If an email or text is unexpected or seems unusual, even if it’s from a customer you know, your staff should be encouraged to contact the sender directly to check if they have sent it.

Remember, your bank, the police, the NHS, HMRC and reputable companies will never ask for sensitive or financial details of your business via email, phone or text.

How to protect your business from scams, known as 'phishing'?

  • Don’t respond to, open attachments in or click on links in emails or texts if they are from unknown sources, and keep an eye out for warning signs such as not being addressed by name, bad grammar, and alterations in business names and email addresses such as extra letters and numbers
  • Never give out business information, financial details or passwords in response to an unexpected email, phone call or text message
  • Make sure your IT department has set up spam filters on all of your email accounts
  • Always go to a website directly, by typing out the address yourself, before logging into an online account, and check for the padlock next to the web address, which shows that your connection to the website is secure
  • Remember, the police, banks and government departments like HM Revenue & Customs (HMRC) will never ask you to transfer money out of your business bank account.

You can report a suspected cyber fraud email by forwarding it to the National Cyber Security Centre (NCSC) suspicious email reporting service at report@phishing.gov.uk, and you can forward phishing text messages to your network provider via shortcode 7726. Both will take steps to prevent these at the source.

3. Be careful with social media

Social networks are a great way of keeping in touch with customers, but always be mindful of how much information you are sharing. Avoid sharing any personal information about you and your business, and be wary of any links shared, making sure they are from legitimate sources before clicking.

The national reporting centre for fraud and cybercrime, Action Fraud, received 15,214 reports of email and social media hacking between February 2020 and February 2021 – with 88 per cent of victims being individuals and 12 per cent being businesses that had accounts compromised by criminals.

Make sure you:

  • Review your privacy settings and check them regularly as updates can affect settings
  • Think carefully about the images, videos and content that you share.

You can read more about the steps you can take to protect yourself from cyber crime and fraud on our website, along with links to some recommended organisations that provide further expert help and guidance.

How to report cyber attacks and fraud

Police forces have dedicated specialist cybercrime teams who are highly trained and experienced in investigating cybercrime and in putting the victim’s needs at the forefront of the investigation.

If you are a business, charity or other organisation currently suffering a live cyber-attack (in progress), you should call the police at any time on 101 or report the attack to Action Fraud on 0300 123 2040 immediately.

If you are a business customer of The Co-operative Bank and think you have revealed security details, fallen victim to fraud, or notice any unusual activity on your account, you can contact us here.

You don’t need to be a computer expert to reduce the chances of your business becoming a victim of cybercrime. Developing a few good online habits drastically reduces your chances of becoming a victim, makes you less vulnerable and helps your business operate online safely.

One of our partners, the Cyber Resilience Centre, works with small and micro-businesses through its free core membership, which offers a helpful introduction to cyber resilience and to training you and your employees to be cyber aware.

For more helpful support and resources, our Business Exchange hosts a wide range of content tailored to you and your business.

*While all reasonable care has been taken to ensure that the information provided is correct, no liability is accepted by The Co-operative Bank for any loss or damage caused to any person relying on any statement or omission. This is for information only and should not be relied upon as offering advice for any set of circumstances. This is merely a guide and each business is unique in its requirements. Specific advice should always be sought in each instance.