What is a cyber attack? Simple steps you can take to keep your business safe online

It’s been a summer of discontent for many high-profile organisations with the likes of The Co-op, Marks & Spencer and Jaguar Land Rover experiencing large-scale cyber attacks. But what exactly is a cyber attack? And how can you better protect your business against them?

These days, businesses rely on the internet more than ever - for sales, communication, and storing important information. But this also means that cyber attacks are a growing risk. Even small businesses can be targets - cyber attacks are not just reserved for the big boys. The good news? With a few simple steps, you can dramatically reduce your chances of becoming a victim.

What is a Cyber Attack?

A cyber attack is when someone tries to break into your computer systems, networks, or online accounts to steal data, cause damage, or disrupt your operations.

Cybercriminals might try to:

• Steal sensitive information (like customer details or payment info)

• Lock you out of your own systems and demand money to get access back (this is called ransomware)

• Trick your staff into revealing passwords or clicking on harmful links (known as phishing)

  
  

No matter the method, the goal is usually the same - to take advantage of your business’s online presence for financial or personal gain.

Why Small Businesses Are Often Targeted

Many small and medium-sized businesses assume they’re “too small” to be noticed. Unfortunately, hackers often see smaller companies as easy targets because they may not have strong security measures in place.

Think of it like leaving your shop door unlocked - it’s not that thieves are after you specifically, but if they spot an easy opportunity, they’ll take it.

Simple Steps to Protect Your Business

Here are some straightforward actions that can make a big difference:

1. Use strong, unique passwords

Avoid simple passwords like “Password123” or your company name. Use a mix of letters, numbers, and symbols. Three random words is the NCSC's advice, or use a password manager to create and store them safely.

2. Turn on two-factor authentication (2FA)

This adds an extra step - like a code sent to your phone - when logging into accounts. Even if someone steals your password, they can’t get in without that second code.

3. Keep your software up to date

Updates often include security fixes. Make sure your computers, apps, and antivirus software are regularly updated.

4. Back up your data

Keep secure copies of your important files, ideally in a separate cloud service or an external hard drive that isn’t always connected. This can save your business if files are stolen or locked by ransomware.

5. Train your team

Most cyber attacks start with a simple mistake - like clicking on a fake email link. Teach your employees how to spot suspicious messages and remind them to double-check anything that looks unusual.

Employees are a company's greatest asset but are targeted by increasingly sophisticated scams. With our security awareness training, your staff can become highly effective barriers to cyber crime.

6. Limit access

Only give employees access to the data and systems they actually need. This reduces the risk of accidental leaks or damage.

7. Have a plan

Know what to do if something goes wrong. Have contact details ready for your IT support or a cybersecurity professional, and make sure everyone knows who to tell if they notice anything suspicious.

Staying Safe Online Doesn’t Have to Be Complicated

You don’t need to be a tech expert to protect your business from cyber attacks. A few smart habits and regular check-ins can go a long way toward keeping your data - and your reputation - safe.

By taking these simple steps today, you’ll make your business a much harder target for hackers tomorrow.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).