
Accessing digital services and data is essential to run almost any organisation in the modern world. 

This has also created a new set of potential security and business continuity vulnerabilities. Over the last four years, cyber threats have been ranked as the top risk facing UK businesses by the Allianz Risk Barometer.

Any company holding data, or reliant on digital services, can be affected by cyber criminals, even if they aren’t targeted directly. Loss of data can happen all too easily – causing wide-reaching and highly damaging consequences.

Physical risks are also relevant in ensuring a robust cyber infrastructure. Power surges, fire, water and impacts can all cause damage and create difficulties for the organisation. Additionally, theft can be a problem: not only is there the cost of replacing equipment, but also the loss of work in progress, not to mention the legal, financial and reputational implications if sensitive information falls into the wrong hands.

  • Ensure that your processes and defences meet the standards needed to comply with the Data Protection Act, including the changes enacted by the integration of the General Data Protection Regulation into UK legislation in May 2018.
  • Make sure all IT passwords are changed within appropriate timeframes, are at least eight characters in length, and that they contain a combination of alpha, numeric and special characters.
  • Consider restricting information, websites and programs that can be accessed using your organisation’s equipment and internet connection. Only relax restrictions where it’s necessary, so an employee can do their job (e.g. social media for marketing).
  • Review how employees working remotely and outside organisations access your systems.
  • Provide information and regular training so employees and others who access your IT systems understand how a business can become the victim of a cyber-attack.
  • Use a reliable spam filtering service and educate employees so they recognise and don’t open emails that could be malicious.
  • Have a procedure in place ensuring access rights are promptly deleted when an employee leaves the business, an outside organisation no longer needs the access or if a connected device is lost or stolen.
  • Encrypt all drives, especially portable devices, so only authorised personnel can read the data within.
  • Keep firewalls, anti-virus and other IT security features up-to-date, and make sure the products being used are independently tested.
  • Check that any third party data storage facilities, as well as those that you own and operate, are independently audited and/or accredited.
  • Don’t forget to think about the physical risks that could affect devices and result in data corruption, loss or theft, such as burglary, accidental misplacement and fire.
  • Read through and act on our advice about data management to further protect yourself against cyber threats.
  • Consider applying for Cyber Essentials certification. This is required for certain UK Government contracts but is increasingly becoming necessary when working with large firms.