Businesses large and small need to know how to stay safe online. It’s not only the big boys who can be targeted by cyber-criminals. In fact, smaller firms and startups with less budget for cyber-security measures can present an easier target. Internal security breaches and abuses by staff online can also be hugely damaging for small businesses.
Any cyber-security issue can hurt a firm in a multitude of ways. Such incidents are financially costly, take time to rectify and damage your hard-earned reputation. That’s why it’s critical for companies to do everything they can to guard against online security risks.
Our simple guide will provide the basics when it comes to keeping your business safe online. We'll cover best practices and offer some practical suggestions. That way we should help to point you toward a secure and profitable online future.
Writing policies and training staff
Many cyber-security threats can actually be avoided by having switched-on, well-informed staff. It’s absolutely critical that your employees are aware of different cyber-security threats. That way they're better placed to know how to deal with them.
The government offers a range of free online training courses that can help get your staff up to speed. They cover everything from dealing with ransomware to correct procedures for data protection. If your staff are well-educated in the threats that are out there, they will know how to keep your business safe.
As well as providing proper training, it’s also a good idea to write an official company policy document. The policy should cover everything to do with your business and the online world. It should be given to employees when they join your firm and can include any or all of the following:
- Rules as to acceptable internet and computer usage at work. This will include sites and programs that are or aren’t allowed to be accessed. It will also cover if or when staff can use the internet or IT equipment at work for personal purposes. It’s often best to limit this kind of use to break or lunchtimes if allowing it at all.
- Guidelines, advice or rules regarding how to handle confidential information. This information will depend on your business. It could be customer details, financial transactions or client contact information.
- Password requirements for work networks or user accounts. All work-related accounts and logins must be password protected. You should also insist upon a certain level of password strength. We’ll cover this in more detail later.
- Who to ask for further advice. You’ll want to provide staff with somewhere to go if they have questions or run across any issues. This might be you or whoever on your staff is in charge of your IT and cyber-security.
Having an official policy for IT and internet use helps keep all of your staff on the same page. It’s only useful, however, as long as there are consequences for failing to adhere to the policy. Make sure your staff know that breaches of the policy are not acceptable.
User accounts, privileges and passwords
Many businesses have user accounts. Staff use them, together with passwords, to access company PCs and networks. The accounts also give staff somewhere to save and access their own files and programs.
Having user accounts and using them properly can help keep your company safe online. You can use them to restrict access to sensitive information. HR, financial or payroll details can be made accessible to only certain accounts, for example. That limits the possibility of damaging security breaches. You don't want to make those details accessible to hackers and cyber-criminals.
Limiting the number of administrator accounts on your network is also a good idea. Only these accounts can install software and change security settings. If only you and other key staff have these accounts, it protects your system against many types of threat. Those include potentially crippling viruses or ransomware attacks, which can hurt a network if dodgy software is installed or firewall settings are changed.
All user accounts and business network access should be password protected. Company rules on passwords should be in your official IT and internet usage policy. Some of the most important things to keep in mind are as follows:
- Password strength – A weak, easy-to-guess password is better than no password at all, but not by much. Staff should be told to use strong passwords. That means passwords of at least eight characters that include at least one number and one special character. It's also a bad idea to reuse passwords that they use for something else, inside or outside work.
- Memory not memos – Even the strongest password isn’t secure if it’s written on a post-it note and stuck to its owner’s computer screen. You need to insist that employees remember their logins and don’t write them down or store them in their phones. Alternatively, there are online password managers which generate and remember all your passwords for you.
- Changing things up – It’s a good idea to regularly change passwords. This limits the risk of them falling into the wrong hands or being guessed.
Company-wide processes that ensure passwords are changed regularly, are of a certain length or contain a wide variety of characters and numbers will help improve password strength, and with it your online security.
Social media
Most modern businesses are expected to have a social media presence. Social media provides a great way to engage with the public and raise your company’s profile. It can also be a bit of a minefield.
Social media accounts can be hacked. Poor social media use can also be damaging to a firm’s reputation. There are a number of considerations to keep in mind when using social media as a business. If you follow these simple tips, you can maximise social media’s benefits and mitigate its risks.
- Restricting access – Decide who in the company should be in charge of your social media. They should be social media savvy, reliable and trustworthy. Make sure that they and only they are the ones with access to your social media accounts.
- Tone & content – Take some time to decide exactly what kind of social media presence you want to have. The tone of your posts and what you should share needs to be appealing to your target audience. Never share customer details or any personal information you don’t have explicit permission to use.
- Privacy settings – Choose the right restrictions as to who can see your social media profiles. Each different channel will have its own features and tools for doing this.
- Stay honest – Don’t try to con your customers through social media. It can be tempting to buy fake followers. You may even think about asking staff to pose as customers and post nice things about the business. If you’re found out, your firm’s reputation will take a (deserved) hit.
Software and other practical solutions
So far, we’ve mostly focused on IT and internet best practice. We’ve covered how you and your staff can use your systems and the internet in the safest way possible. There are also some more practical things you can do to keep your business safe online.
All businesses should purchase and install a professional-standard firewall. That will protect your network and systems against a variety of threats. Those include viruses, spyware, and cyber-attacks from hackers. Firewalls are comparatively inexpensive. They're well worth the outlay when you consider the damage that cyber-attacks can do.
You should also protect your network with other internet security or antivirus software. This software scans emails, files, and programs. It can also check devices (like USBs) that are connected to your systems. It will detect malware, ransomware or viruses in any of those locations. It will then protect your system from any threat it detects.
It’s crucial to keep your firewall and other antivirus and security software updated. What some people don’t realise is that it’s just as important to update your other software. Updates from software manufacturers often contain security patches. These fix vulnerabilities in their programs or apps. Those vulnerabilities could provide an opportunity for hackers to get into your systems.
Your firm might use Wi-Fi for its internet connection. If so, it should be encrypted and password protected. An unsecured Wi-Fi network is like an open back door for hackers and cyber-criminals.
Remote working is something else that can pose a risk to your cyber-security. Staff should only access your network or servers from certain devices. Those devices should have a firewall and antivirus software installed. To reduce the risk further, you may also want to consider setting up a Virtual Private Network (VPN). A VPN gives staff secure remote access to your server.
Even if you follow all our tips, you may still fall foul of a cyber-attack. To limit its impacts, you should regularly back up your key systems and data. The backups should then be kept secure and separate from your main network.
That way you will always have a clean and secure version of your systems and data. You can then revert to that version if you need to. That might be if the original is damaged or destroyed or if you get locked out by a ransomware attack.
For more information on how to keep your business safe online, see the blog from Business Wales.