Protect your business online
How to protect your business online from hacking, phishing, fraud, data breaches and other types of cyber crime.
Cyber crime affects all types of businesses, from sole traders to large companies. Every business should take basic steps to protect themselves and their customers online.
This guide explains what you can do to reduce your risk of cyber attacks. It outlines common cyber security measures to help strengthen your business' defences and detect spam, malware and virus attacks.
This guide also describes the impact of business data breach and theft and looks into security concerns in particular areas of your business, including point-of-sale, remote access and cloud transactions.
Finally, it explains how to deal with insider threats in cyber security and suggests ten easy cyber security tips to protect your business online.
Common cyber security measures
Essential cyber security measures for small businesses to prevent, detect and respond to cyber attacks.
Cyber security measures are simple steps and tools that protect your business data, systems and customers from online attacks. They help prevent problems stemming from:
- Internet threats, such as spyware or malware
- weak passwords or lost devices
- software bugs and vulnerabilities
- misuse of systems and features
For small businesses, the National Cyber Security Centre (NCSC) suggests core measures such as firewalls, secure configuration, access control, malware protection and patch management. These block 80% of common attacks and make your business harder to target.
Essential steps for cyber security
These seven steps are easy to implement and provide basic protection for most businesses to defend against common threats.
1. Maintain password security
Strong passwords are vital to good online security. Create passwords that are:
- at least 12 characters long
- a mix of upper- and lower-case letters, numbers and symbols
- free of personal information (like names and birthdays)
Protect them further by:
- changing passwords regularly
- never using them for multiple accounts
- always using two-factor authentication (2FA)
Create a business password policy to make sure all staff follow these rules consistently. It prevents weak or reused passwords across your team, reduces the risk of accounts being hacked, and makes enforcement easier through tools like scheduled resets or password managers. A clear policy also helps during staff training and audits.
For more advice, see the National Cyber Security Centre's (NCSC) password guidance.
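The password rules above (at least 12 characters, a mix of character types, no personal details) are easy to state but hard to enforce by eye. The checker below is an added example, not code from this guide or from the NCSC, that encodes those three rules so they can be applied consistently, for instance when onboarding staff or auditing a password manager export. The personal_info dictionary keys ('names' and 'birthday'), the MIN_LENGTH value and the birthday formats it looks for are this example's own assumptions.

```python
import re

# Minimum length taken from the guide's "at least 12 characters" rule.
MIN_LENGTH = 12


def birthday_fragments(iso_birthday: str) -> set[str]:
    """Common ways a birthday (given as YYYY-MM-DD) ends up inside a password:
    the year, DDMM, DDMMYYYY and DDMMYY. The set of formats is an assumption."""
    year, month, day = iso_birthday.split("-")
    return {year, day + month, day + month + year, day + month + year[2:]}


def check_password(password: str, personal_info: dict) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes.

    personal_info is assumed to hold 'names' (list of strings) and optionally
    'birthday' (a string in YYYY-MM-DD form); both keys are this example's convention.
    """
    problems = []

    # Rule 1: length
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Rule 2: mix of upper- and lower-case letters, numbers and symbols
    classes = {
        "upper-case letter": re.search(r"[A-Z]", password),
        "lower-case letter": re.search(r"[a-z]", password),
        "number": re.search(r"[0-9]", password),
        "symbol": re.search(r"[^A-Za-z0-9]", password),
    }
    missing = [name for name, found in classes.items() if not found]
    if missing:
        problems.append("missing " + ", ".join(missing))

    # Rule 3: free of personal information (names and birthdays)
    lowered = password.lower()
    for name in personal_info.get("names", []):
        if len(name) >= 3 and name.lower() in lowered:
            problems.append(f"contains personal name '{name}'")
    birthday = personal_info.get("birthday")
    if birthday and any(frag in password for frag in birthday_fragments(birthday)):
        problems.append("contains birthday")

    return problems


if __name__ == "__main__":
    # Constructed sample user; the names and date are made up for this example.
    user = {"names": ["Alice", "Smith"], "birthday": "1990-05-07"}
    for candidate in ["alice1990", "Tr0ub4dor&3xtra"]:
        print(candidate, "->", check_password(candidate, user) or "OK")
```

Run this as part of a password policy rollout rather than at login time: a policy document tells staff the rules, while a check like this tells them which rule a proposed password breaks.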
2. Control access to data and systems
Give staff access to only the data and services they need for their role. This is called 'least privilege' and stops attackers moving through your systems if one account is compromised. Key actions include:
- locking premises and restricting physical access to devices and servers
- blocking unauthorised users with login controls
- using application settings to limit access to sensitive data
- restricting data copying to USB drives or email attachments
- using modern operating systems with built-in access controls
For more information, read NCSC's identity and access management guidance.
3. Use firewalls
Firewalls act as a barrier between your devices and the internet, blocking viruses and malware by filtering incoming and outgoing traffic. You should:
- enable built-in firewalls on every device and server
- configure rules to block risky ports and untrusted traffic
- check settings and update firmware regularly
- use hardware firewalls (in routers) for network-wide protection
- check firewall logs regularly for blocked threats
Outdated firewalls are a common weak point, as many attacks exploit known firmware bugs. See server security guidance for more advice on advanced setups.
4. Install security software
Install anti-spyware, anti-malware and anti-virus tools on all devices to help detect and remove threats that get past other defences. You should:
- choose reputable, business-grade security software
- enable real-time scanning and automatic updates
- run full system scans weekly
- review quarantine logs regularly for blocked threats
Keep any security software up-to-date with the latest patches. See guidance on detecting spam, malware and virus attacks.
5. Keep software updated
Install security updates promptly to fix known bugs and vulnerabilities. Outdated software is one of the most common ways criminals break into businesses. As basic precautions, you should:
- enable automatic updates for operating systems, browsers and apps
- check monthly for updates on all devices and servers
- prioritise critical security patches
- restart devices after updates to apply changes fully
Enable automatic updates wherever possible – they close security gaps before criminals can exploit them.
6. Monitor for intrusions
Use intrusion detection systems or security information and event management tools to monitor systems for any unusual network activity. These generate alerts, often via email, when they detect a potential security breach. Early detection can limit the damage, so you should:
- set up alerts for suspicious logins, data transfers or traffic spikes
- review logs weekly and investigate any warnings
- start with free tools like OS built-in logging if budget is tight
See more on cyber security breach detection.
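To show what "alerts for suspicious logins" look like in practice, the script below is an added example (not code from this guide or from any named product) that reads sshd-style authentication log lines and raises two kinds of alert: repeated failed logins from one address within a short window, and a successful login from an address that had just been failing repeatedly. The log lines are constructed for the example, the year (syslog lines carry none) is assumed, and the thresholds of 5 failures, 3 failures before a success and a 10-minute window are this example's own choices to tune for your environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log lines in the syslog/sshd format (not real traffic).
SAMPLE_LOG = """\
Mar 10 09:12:01 srv01 sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 50122 ssh2
Mar 10 09:12:04 srv01 sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 50123 ssh2
Mar 10 09:12:09 srv01 sshd[2203]: Failed password for root from 203.0.113.45 port 50124 ssh2
Mar 10 09:12:15 srv01 sshd[2204]: Failed password for root from 203.0.113.45 port 50125 ssh2
Mar 10 09:12:20 srv01 sshd[2205]: Failed password for root from 203.0.113.45 port 50126 ssh2
Mar 10 09:13:02 srv01 sshd[2210]: Accepted password for alice from 198.51.100.7 port 41002 ssh2
Mar 10 09:14:30 srv01 sshd[2212]: Failed password for alice from 198.51.100.7 port 41010 ssh2
Mar 10 09:14:41 srv01 sshd[2213]: Accepted password for alice from 198.51.100.7 port 41011 ssh2
Mar 10 09:20:00 srv01 sshd[2220]: Accepted password for root from 203.0.113.45 port 50130 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)
YEAR = 2024  # assumed: syslog timestamps have no year


def parse_line(line: str):
    """Turn one sshd log line into a dict, or None if it is not a login event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"time": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_suspicious_logins(log_text: str, fail_threshold: int = 5,
                             success_after: int = 3, window_minutes: int = 10):
    """Return a list of alert dicts in the order they would be raised."""
    window = timedelta(minutes=window_minutes)
    recent_failures = defaultdict(deque)  # ip -> timestamps of failures in the window
    already_flagged = set()               # avoid one alert per extra failed attempt
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        ip, t = event["ip"], event["time"]
        failures = recent_failures[ip]
        while failures and t - failures[0] > window:   # drop failures outside the window
            failures.popleft()
        if event["result"] == "Failed":
            failures.append(t)
            if len(failures) >= fail_threshold and ip not in already_flagged:
                already_flagged.add(ip)
                alerts.append({"type": "brute_force", "ip": ip, "time": t,
                               "detail": f"{len(failures)} failed logins in {window_minutes} min"})
        elif len(failures) >= success_after:
            alerts.append({"type": "success_after_failures", "ip": ip, "time": t,
                           "user": event["user"],
                           "detail": f"login succeeded after {len(failures)} recent failures"})
    return alerts


if __name__ == "__main__":
    for alert in detect_suspicious_logins(SAMPLE_LOG):
        print(alert["time"], alert["type"], alert["ip"], alert["detail"])
```

The second alert type is usually the more urgent one: a burst of failures followed by a success often means a password was guessed, so it is worth routing that alert to a phone or email and reviewing the account immediately.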
7. Train your staff
Train employees to recognise cyber risks and follow your security policies. Most breaches involve simple human mistakes, so training significantly reduces this risk, and your staff should understand their role in helping to keep your business secure. At a minimum, you should:
- explain to staff their role in keeping business data safe
- train them on any relevant policies and procedures
- run regular awareness sessions (quarterly minimum)
- test staff with simulated phishing emails
- update training when new threats emerge
See insider threats in cyber security for common staff-related risks and solutions.
Test your defences
Follow government best practices and free NCSC tools to check your security:
- get certified with the government's Cyber Essentials scheme
- run the free cyber security checks to scan your public-facing IT
- use the Cyber Action Toolkit to start protecting your business
These resources will help close common gaps fast and build confidence in your security.
Server security best practices
How to use firewalls, data encryption and server hardening to secure your business servers and network from cyber attacks.
Servers are powerful computers that host services like email, websites or file sharing. They process requests from other devices and deliver data to them, often running 24/7. Cyber criminals target them because they often hold sensitive business data.
What is server security?
Server security protects data and resources on your servers from intrusions, hacking and other malicious actions. Defences are often layered and cover:
- the operating system and critical services
- applications and content hosted on the server
- network protection against online threats
Insecure servers create significant business risks like data theft and network-wide attacks.
How to secure your servers
Securing large, complex servers may require specialist skills. However, any business using a server should be aware of the risks and - at the very least - use basic cyber security measures.
Physical security
If you are not using a secure data centre to host your servers, you should:
- keep them in locked rooms
- restrict access to authorised staff only
- monitor security logs regularly
- check for environmental risks, eg overheating and fire
- ensure stable power supply
Like desktop PCs, servers need firewalls, regular backups and software updates, reliable anti-malware protection, and ongoing support and maintenance.
Network firewall security
Firewalls filter all incoming and outgoing traffic to your network. They block threats and can:
- prevent malicious email relay
- stop malware downloads
- restrict access to risky websites or services
Hardware firewall
A hardware firewall is built into broadband routers. It protects your whole network from unauthorised external access and is usually effective even with minimal configuration.
Software firewall
A software firewall is installed on individual devices. It is often part of the operating system and usually needs more configuration of its settings and application controls.
Server hardening
Default server settings are rarely secure. They can leave systems exposed to known threats with default passwords, open ports and unnecessary services running. Server hardening is a security process that addresses these risks. It strengthens servers by removing known weaknesses through measures including:
- encrypting data transmissions
- disabling unnecessary services - unused ports, protocols and software
- applying security patches and updates regularly
- enforcing complex passwords and access control
- locking accounts after failed logins
- using intrusion detection
- backing up data and systems regularly
The National Cyber Security Centre has detailed guidance to help you secure your server.
Cloud servers as an alternative
Cloud servers provide an alternative (often a cost-effective one) to on-premises setups by hosting services on remote infrastructure through Software as a Service (SaaS), Platform as a Service (PaaS) or Infrastructure as a Service (IaaS) models.
In SaaS and PaaS, the cloud provider will typically be expected to configure and maintain servers for you, including patching, security hardening, and implementing security functions like logging and auditing.
With IaaS, you will be responsible for server security, including server hardening, access controls and compliance with UK rules, just as you would with traditional, on-premise servers.
Detect spam, malware and virus attacks
How to detect virus, malware or spam attacks, and what to do if your business has been affected.
Spam, viruses and other malware can seriously disrupt your business. The sooner you spot an attack, the faster you can limit the damage and recover your systems.
How to detect spam
Spam is unwanted email. It makes up a large share of email traffic, and many providers now filter it automatically.
Spam filters can:
- block suspicious messages before they reach inboxes
- move likely spam into a separate folder or mailbox
- reduce the risk of staff clicking on a malicious link or attachment
To securely manage your inbox, use good spam filtering and follow phishing advice to reduce risk.
How to detect a virus or malware
Common signs of a virus or malware infection include:
- system slowing down
- unexpected activity on your machine or pop-up messages
- email server becoming overloaded or unreliable
- data files becoming corrupt, going missing or changing
- strange messages being sent from your accounts
If you notice these signs, use your security software to investigate the issue. Your software provider may also be able to help. Read more about cyber security breach detection.
How to recover from a virus or malware
If a virus or malware infection has affected your business, follow these five steps:
1. Tell everyone who needs to know
If the virus is spread through email, tell everyone with an email account on the infected system as quickly as possible. If there is a specific file attachment that contains the malicious virus program, name it.
2. Disconnect affected devices
As soon as possible, disconnect infected computers from any internal or external networks to stop malware spreading further. Do not reconnect until after you remove the threats.
3. Clean the system
Run anti-virus or anti-malware scans across affected devices to detect and remove infections. If scans fail to remove the threat, restore files from a recent clean backup. In some cases, you may need to wipe the infected device completely, reinstall the operating system, and recover data from confirmed pre-infection backups. If necessary, contact your software supplier for specific advice.
4. Prevent re-infections
Carry out emergency security measures and inform users that clean-up is underway. Apply all available patches and updates to fix known security gaps and close vulnerabilities that could allow re-infection. Change all passwords, including for unused accounts, as malware may have stolen credentials. Enable firewalls and real-time protection tools, and scan removable media like USB drives before use.
5. Control email traffic during the crisis
Use whatever facilities you have to prevent the virus spreading further. Scan inbound and outbound traffic for malware, and disable auto-forwarding or previews. Consider temporarily pausing outgoing email until systems are clean, and direct staff to use secure alternatives like phone or encrypted chat for urgent needs.
Prepare your business for a cyber attack
Cyber attacks are almost inevitable, so the speed at which you react to an incident is critical. Find tips to help you plan, develop and test a cyber security incident response plan.
You can also read the National Cyber Security Centre’s (NCSC) guidance on recovering an infected device and use their tools to strengthen your defences:
- 'Exercise in a Box' online training tool to practise your response
- Check your cyber security service to find common weaknesses in your system
Finally, stay informed via NCSC's cyber threat alerts or subscribe to their Early Warning Service for updates on potential cyber attacks that could affect your business network.
Protect your business against phishing
Find out how phishing, spear phishing and related scams work and how to protect your business against them.
Phishing is one of the most common types of cyber crime in the UK. It targets businesses regardless of their size or sector.
What is phishing?
Phishing is a cyber attack that often starts with email. Criminals send fake messages that try to get people to:
- provide sensitive information, such as passwords and bank details
- send money to individuals or organisations
- download malware onto a device
These emails often contain malicious attachments or link to fake websites designed to steal data.
Phishing can also happen by:
- phone, known as vishing
- text message, known as smishing
- social media
Social media phishing usually involves:
- fake social media accounts that impersonate known or trusted people
- fake customer support accounts to impersonate brands
- click-bait posts that include malicious links
- fake surveys, promotions or contests to get personal information
See Get Safe Online tips to help you avoid social media phishing.
Targeted phishing attacks
Phishing emails are not always random. Standard phishing uses mass emails sent to many people indiscriminately, often with generic content to catch a few victims. However, some phishing attacks - like spear phishing and whale phishing - can target specific people or organisations by creating convincing, personalised messages.
Spear phishing
These emails pretend to come from a trusted or familiar source, like a colleague or a supplier. Attackers research their target to make messages look legitimate. This method is known as social engineering - it increases the chances of tricking the target into sharing sensitive information or clicking harmful links.
Whale phishing (also known as whaling)
These emails use the same personalised tricks but target high-profile individuals, such as celebrities, politicians or C-level executives. Attackers use highly personalised emails that mimic trusted contacts, often referencing private details gathered from social media or public records to build credibility.
Evolving threats: AI and Deepfakes
Attackers now use artificial intelligence (AI) to make phishing more convincing. AI tools create:
- highly personalised emails or messages that mimic real colleagues or suppliers
- deepfake videos or audio impersonating executives (eg a fake video call from your CEO requesting urgent payment)
Deepfakes use AI to swap faces or voices, making scams harder to spot. Look for unnatural eye movements, inconsistent lighting, lip-sync issues, or robotic voice tones in video/audio calls. If in doubt, test with simple questions only the real person would know.
While not yet common against small businesses, cheap AI tools mean these threats are likely to grow. It is important to train staff to verify unusual requests (eg for payment or data sharing) using multiple channels - for example, using a known phone number or in-person check, instead of a reply-all or provided contacts.
Read the National Cyber Security Centre’s (NCSC) blog to find out more about targeted forms of phishing.
How to spot fake websites
Fraudulent websites can be difficult to identify. They often copy real brands, banks, government services, email providers, IT service providers, online marketplaces, money transfer websites and social networks. Once you enter information into fake sites, criminals can steal it and use it to commit identity or financial fraud.
Common warning signs that you are on a fake website include:
- a different URL address from the one you expected or clicked on
- urgent language or pressure to act quickly
- requests for personal or financial information, such as account or social security numbers
- spelling errors, unusual navigation or poor design
- suspicious ads or pop-ups
- a mix of legitimate links with fake links
- incorrect company name
- missing or fake contact details
Keep in mind that an HTTPS site (where the padlock symbol next to the URL address claims a secure connection) can also be malicious.
How to prevent phishing
Treat all unexpected messages with caution. Especially watch out for:
- Generic greetings like 'Dear Sir/Madam' or 'Dear customer'. Legitimate companies and individuals will generally call you by your name, eg 'Dear [FIRST NAME]'.
- Mismatched sender addresses or links to web pages. Make sure that they match legitimate sources, including when you hover your cursor above them.
- Unsolicited emails carrying attachments or directing you to download documents or files from unknown websites. A good email filter will block many of these types of messages.
- Emails that appear to come from a bank or similar institution, and request sensitive information. If in doubt, contact your bank directly using trusted contact details and do not use the contact details or links provided in the email.
- Emails demanding urgent action or making offers that are too good to be true.
If in doubt, avoid clicking links in emails. Instead, contact the sender using known details from their official website or a trusted phone number - never use details from the email itself. Use email filters to block many threats automatically.
Read the NCSC's guidance on phishing and how to defend against it.
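Two of the warning signs above, a sender address that does not match the organisation it claims to be, and a link whose visible text shows one address while the underlying link goes elsewhere, can be checked mechanically before a message reaches an inbox. The script below is an added example, not code from this guide or from the NCSC, that applies both checks to an HTML email body. The sample message, the claimed domain and the sender address are constructed for the example (reserved example names, not a real bank), and the registrable_domain helper is a deliberately simple stand-in for a proper public-suffix lookup.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: a fake "security alert" claiming to be from example-bank.co.uk.
CLAIMED_DOMAIN = "example-bank.co.uk"
SAMPLE_FROM = "Example Bank Security <alerts@example-bank-secure.com>"
SAMPLE_BODY = """
<p>Dear customer, verify your account at
<a href="http://example-bank.co.uk.verify-login.example/secure">www.example-bank.co.uk/login</a>
within 24 hours.</p>
<p>Or <a href="https://www.example-bank.co.uk/help">contact us</a>.</p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Reduce a hostname to its owning domain (example.com, example.co.uk).
    Simplified assumption: only a few two-level suffixes are recognised."""
    labels = host.lower().split(".")
    if len(labels) >= 3 and labels[-2] in {"co", "org", "gov", "ac"} and len(labels[-1]) == 2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def host_of(text: str):
    """Hostname from a URL or a bare 'www.site.example/path' string; None if there is none."""
    candidate = text if "://" in text else "http://" + text
    host = urlparse(candidate).hostname
    return host if host and "." in host else None


def check_email(from_header: str, claimed_domain: str, html_body: str) -> list[str]:
    """Return human-readable findings; an empty list means no mismatch was found."""
    findings = []
    _display_name, address = parseaddr(from_header)
    sender_host = address.rsplit("@", 1)[-1] if "@" in address else ""
    if not sender_host or registrable_domain(sender_host) != registrable_domain(claimed_domain):
        findings.append(f"sender address {address!r} is not under {claimed_domain}")

    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        href_host = host_of(href)
        if href_host is None:
            continue
        if registrable_domain(href_host) != registrable_domain(claimed_domain):
            findings.append(f"link points to {href_host!r}, which is not under {claimed_domain}")
        text_host = host_of(text)
        if text_host and registrable_domain(text_host) != registrable_domain(href_host):
            findings.append(f"link text shows {text_host!r} but the link goes to {href_host!r}")
    return findings


if __name__ == "__main__":
    for finding in check_email(SAMPLE_FROM, CLAIMED_DOMAIN, SAMPLE_BODY):
        print("WARNING:", finding)
```

The first link in the sample is the classic trick the guide warns about: the real bank's name appears at the start of the hostname, but the part that matters (the end) belongs to somebody else, so hovering over the link, or a check like this one, is what exposes it.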
Report suspicious messages
Train your staff to recognise scams and act appropriately. If they receive a suspicious email, they can report it to the NCSC Suspicious Email Reporting Service: report@phishing.gov.uk. If you need help training your staff, use the NCSC's Top Tips for Staff tool.
Point-of-sale terminal security
Best practice for point-of-sale environments and the different ways to protect your POS terminal security.
Point-of-sale (PoS) systems are a common target for criminals, especially in retail and hospitality. Attacks can affect both the hardware and the software that processes card payments.
Main risks to point-of-sale security
PoS systems can be targeted in two main ways:
- hardware attacks - when criminals attach a 'skimmer' device to a terminal to intercept and capture card data
- software attacks - when malware is used to gain access to the PoS networks and steal payment data as it transmits through the network
If you use point-of-sale networks to conduct business, you must follow security best practices and make every effort to protect your terminals and software.
How to protect your point-of-sale station and network
For best security, use multiple layers of protection. This means you should:
- Use strong, unique passwords. Change default usernames and passwords after installation and update passwords on a regular basis.
- Keep all software updated. Apply the latest security patches to your PoS system to keep it protected against known vulnerabilities.
- Use firewall and anti-virus software to protect the terminal and network from malware - see common cyber security measures.
- Use encryption for data transmission. Your POS service provider usually sets this up by default. If you have any concerns, discuss safeguards with them to protect your system.
- Control access. Only allow authorised staff to access customer data. This reduces breach risks from insiders, stolen credentials or errors.
- Block PoS devices from accessing the internet, where possible. This can prevent exposure to online threats like drive-by download or remote exploits.
- Segment your network. Isolate PoS systems from other business systems like office PCs - this can help stop malware spreading to your PoS within your local network.
- Disable remote access, where possible. This stops criminals exploiting weak logins and reduces the number of ways they can get into your system.
Even with these measures in place, no system is completely safe. Train staff to spot signs of tampering or suspicious activity, and monitor your systems for security breaches. It's also a good idea to test your cyber security incident response plan and keep your PoS supplier's contact details handy in case of an incident.
Cloud security risks and solutions
How to assess cloud security risks and protect your business data, applications and services in the cloud.
Cloud security protects your data, apps and systems hosted on cloud platforms like Microsoft Azure or Amazon Web Services. It involves controls, policies and processes to prevent unauthorised access, data breaches and service disruptions.
Cloud security risks
Cloud services can be affected by risks such as:
- hacking and unauthorised access
- data loss or theft
- server faults and service outages
- poor configuration or weak access controls
- legal and compliance failures
Some risks are managed by the cloud provider, while others are your responsibility as the customer. The exact split depends on the type of cloud service you use:
- Software as a Service and Platform as a Service models: the provider usually manages most of the underlying security and maintenance.
- Infrastructure as a Service model: you are usually responsible for more of the security, including configuration, access and patching.
Make sure you know who is responsible for what before you sign up.
Cloud security controls
Many common cyber security measures work in cloud environments too, including:
- antivirus
- firewalls and perimeter protection
- traffic monitoring and reporting
- spam filtering
- real-time alerts and analytics
The National Cyber Security Centre (NCSC) offers detailed guidance to help you configure, deploy and use cloud services securely.
Cloud security and data protection
If you process or store sensitive business or personal data in the cloud, check that your provider takes security seriously. Key checks include:
Provider vulnerabilities
Are they following best security practices, patching regularly, and implementing proper security controls? Can they guarantee that your assets will be protected against physical tampering, loss, damage or seizure?
Technology vulnerabilities
Are there weaknesses in the host system or server configuration? Can you get assurances that the technology is secure? Will it be reliably accessible and available when you need it?
Access policies
Did you agree standards and responsibilities between yourself and the provider? Defining roles and responsibilities can help ensure secure coverage and prevent potential liabilities in case of cyber incidents.
Access controls
Will the provider limit access to the cloud service to only those who need it? How will they minimise the risk of accidental or malicious compromises of your data by their personnel?
Service level agreements
Can you establish a documented standard with your cloud provider, including their duties in relation to ongoing management, response times and support?
Risk assessment and analysis
Does your provider have an adequate incident plan in place to quickly deal with and mitigate any potential breach?
Legal and regulatory implications
If you're storing or processing personal data in the cloud, you will have to comply with the UK General Data Protection Regulation (UK GDPR).
Read NCSC's guidance on cloud computing and data storage, and managing the risk of cloud-enabled products.
Business data breach and theft
Understand the impact of data breach and theft, and the steps you should take to prevent them.
A data breach happens when unauthorised people access or disclose sensitive, confidential or otherwise protected data. This may include personal information, financial records, trade secrets or intellectual property.
Data theft specifically involves stealing digital information to misuse, sell or publicly expose it. Both threaten your business reputation, finances and legal standing.
Impact of data breach or theft
Data breaches or theft affect businesses differently, but common consequences include:
- financial loss
- reputational damage
- business disruption
- fines or legal action if you fail to protect data properly
Read more about the impact of cyber attack on your business.
Data can be lost or stolen through:
- unauthorised access to IT systems and networks
- theft of property or equipment from your premises
- transporting data externally via unsecured devices
- poor data protection processes and staff mistakes, with or without intent
How to prevent data breach
To protect your business data, you should think about:
- where and how you store it
- how you secure it (both physically and electronically)
- who can access it
- how that access is managed (eg individual devices)
Back up your data
You should back up your important data regularly and store it securely off-site. For added protection, you can use data loss prevention software to:
- disable USB ports
- monitor copying of files to storage media
- prevent users from transferring the data altogether
Read the National Cyber Security Centre's (NCSC) detailed guidance on the importance of backing up your data.
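Backups only help if you can trust them: both the recovery step earlier in this guide ("recover data from confirmed pre-infection backups") and the advice here depend on knowing that a copy has not been altered since it was taken. The script below is an added example, not code from this guide or from the NCSC, that records a SHA-256 manifest of a backup set and later reports files that were modified, removed or added. The backup directory, file names and the "tampering" it simulates are all constructed inside a temporary folder for the example; in real use the manifest would be kept with the off-site copy, separate from the system it describes.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large backup files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_dir) -> dict:
    """Map every file's path (relative, POSIX-style) to its SHA-256 hash."""
    root = Path(backup_dir)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(backup_dir, manifest: dict) -> dict:
    """Compare the backup on disk against a previously stored manifest."""
    current = build_manifest(backup_dir)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo() -> dict:
    """Create a constructed backup set, store its manifest, tamper with it, and verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "accounts.csv").write_text("id,amount\n1,100\n2,250\n")
        (root / "notes").mkdir()
        (root / "notes" / "q1.txt").write_text("quarterly notes (constructed sample)\n")

        # Take the backup and keep the manifest separately (here, as a JSON string).
        stored_manifest = json.dumps(build_manifest(root))

        # Simulate what a later check might find: one file altered, one deleted, one added.
        (root / "accounts.csv").write_bytes(b"\x00\x01 garbled content")
        (root / "notes" / "q1.txt").unlink()
        (root / "extra.tmp").write_text("was not part of the backup\n")

        return verify_backup(root, json.loads(stored_manifest))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A clean result has three empty lists. Anything in "modified" or "missing" means that copy should not be used for recovery until you understand why, which is the "confirmed" part of a confirmed pre-infection backup.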
Create an asset register
As part of your security measures, you should create an asset register taking into account all hardware and software, including your server equipment. Determine which assets are at risk from cyber attack and record all the relevant details. Audit the register regularly to ensure that equipment is accounted for, and that the information is safe and secure.
If your data is stolen - how to deal with a data breach
If you think data has been stolen, or your business has been exposed to fraud, act quickly to:
- prevent the data breach from continuing
- discover the extent of the damage
- clean up the damage
Your incident response will depend on the circumstances. You may need to take specific advice from the police or legal advisors, but generally speaking, you should:
- report the incident to the relevant authority
- inform your bank
- check bank accounts for unexplained transactions
- check for any unexpected account activity
- review your credit position
- get IT security support if needed to investigate the breach or help you recover from the breach
Find out how to develop a cyber security incident response plan.
The NCSC provides incident management guidance and an 'Exercise in a Box' online cyber exercising tool to help businesses detect, respond to and resolve cyber incidents. Further guidance is available in their small business guide to response and recovery.
Reporting a data breach
As part of managing the incident, you may need to let people or organisations know about the security breach. You may need to notify:
- the regulators, if the breach is significant or if you've failed to comply with data protection legislation
- individuals or groups whose personal data has been compromised
- relevant industry bodies, eg in the financial or telecommunications sector
Different agencies have different remits in terms of investigating and assisting with cases of online fraud, data breaches and cyber crime. Find out how to report a cyber crime.
Under the UK General Data Protection Regulation (UK GDPR), you must report a serious personal data breach to the Information Commissioner's Office if the breach is likely to result in a risk to people's rights and freedoms.
Remote access security issues
Security implications of working remotely, common risks and concerns, and solutions to securing remote access.
Remote access lets staff connect to business systems via the internet from remote locations, such as home or on the road. It offers flexibility for hybrid working but introduces cyber security risks if not configured securely.
You can manage some of these risks by using strong authentication, encryption and monitoring. Without proper controls, attackers can exploit weak points to access your network and steal sensitive data.
Remote access risks
Remote working sends business data or services outside of the corporate infrastructure, typically over the internet, and often using devices outside your direct control, such as personal laptops or phones. Remote setup adds specific risks, such as:
- lack of physical security, which increases chances of device loss or theft
- eavesdropping, as data travels over the public networks
- unauthorised access, such as someone overlooking the screen
- data being monitored, copied or changed, if someone gains access to the device
These risks are greater when staff use public Wi-Fi or personal devices. You can adapt most common cyber security measures to meet the unique challenges of remote access security.
Managing remote access risk
You should assess the risks associated with working remotely and set clear rules and policies covering:
- who is allowed to work remotely
- what devices they are allowed to use
- what systems and data they can access or store on devices
- what security controls they must follow
Check risks to your network and systems and, if necessary, increase monitoring on remote connections. If you do so, review and update your workplace monitoring policies first.
Remote access security measures
Some specific recommended actions for securing your remote access include:
- encrypting all data to prevent interception and theft
- using strong firewall and security software on all devices
- using multi-factor authentication (eg password plus token or app)
- denying access to unauthorised users
- allowing legitimate users minimum access needed for their role
- reviewing server logs regularly for unusual activity
- removing remote access privileges once staff leave or no longer need access
- testing systems regularly for vulnerabilities
- keeping firewall and remote access software patched and up-to-date
You can also use a virtual private network (VPN) to add an extra layer of protection for remote connection.
If you're introducing or scaling up remote access, read the National Cyber Security Centre's (NCSC) guidance on home working and moving your business from the physical to the digital. If your staff are using personal, rather than work-issued, devices, see NCSC's advice on secure home working on personal IT.
Insider threats in cyber security
How to detect internal cyber security issues and risks, and develop processes to improve workplace cyber resilience.
Insider threats come from people within your organisation, such as employees, contractors or partners, who misuse access to your systems or data. This misuse often happens by accident rather than deliberate action. It can compromise operations and cause major financial and reputational damage - read more about the impact on your business.
Types of insider threats
Most insider threats fall into three categories:
- malicious insiders - deliberately misuse access to harm the business or steal data
- negligent staff - make avoidable mistakes like clicking phishing links or losing devices
- third-party contractors - lack the same training or oversight as employees
Insider threats often arise from everyday activities that create cyber security vulnerabilities. Watch for these common risky behaviours in your team:
- browsing unauthorised websites
- visiting social networking sites
- sharing confidential information in a social network environment
- opening spam or suspicious links and email attachments
- accidentally sending sensitive information to the wrong people
- accidentally transferring viruses or malware
- choosing weak passwords and never changing them
- using the same password on multiple accounts
- installing unauthorised programs on work machines
- uploading files to an online file-sharing service, personal cloud or storage network
- downloading unauthorised files (eg music, films or photographs)
- misplacing or losing property (eg laptops, mobile phones, USB devices)
- providing information to third parties, eg suppliers or vendors
- transporting company information via unsecured portable devices
- sending sensitive work documents to personal email addresses
- using unsecured mobile devices to share work data or access company information
- accessing your business' virtual private network via public computers and public wireless hotspots
You can prevent many risky behaviours with clear cyber security policies, training and controls.
How to reduce insider risks
Many unintentional employee mistakes are avoidable. Keep your workplace secure by taking these steps:
- Screen new starters: check references, qualifications and identity before giving system access.
- Set clear rules on acceptable use and data handling in written IT policies.
- Enforce strong password practices.
- Block unauthorised websites and devices.
- Restrict software installs and data access permissions.
- Review email, internet use, remote working and bring your own device standards.
- Train staff regularly on risks and incident reporting.
- Monitor logs for unusual activity and audit access rights regularly.
- Raise cyber security awareness across the business.
- Use contracts and non-disclosure agreements for sensitive data access.
- Build security compliance and disciplinary measures into employment contracts.
- Use cyber breach detection to spot risky user activity in real time and alert teams.
Help employees understand their roles and responsibilities in keeping data safe. Use sample IT policies, disclaimers and notices to set expectations.
Even with best practices in place, incidents may still happen. Review your cyber security risk management processes and develop an incident response plan so that you can deal with cyber incidents quickly and efficiently.
10 cyber security tips to protect your business online
Follow simple steps to increase your business' cyber security and protect assets, resources and data from cyber attacks.
Cyber attacks threaten all businesses. A recent government survey found that many organisations, including small businesses and charities, have experienced cyber incidents. Larger businesses face more frequent attacks, but any business without proper defences can be vulnerable.
How to protect your business online
The National Cyber Security Centre (NCSC) recommends these actions:
- Back up your data regularly. Store copies of your data off-site and test that backups work.
- Update software promptly. Apply security patches on all devices used in your business. Enable auto-updates where possible.
- Use anti-virus and anti-malware software. Keep it up to date.
- Choose strong, unique passwords. Change them regularly and use two-factor authentication.
- Encrypt sensitive data. Never send passwords or sensitive details via unencrypted email.
- Be cautious of phishing and ransomware. Avoid clicking on suspicious links in emails or social media.
- Use firewalls and keep router firmware updated.
- Secure Wi-Fi with encryption (eg WPA2). Change Wi-Fi passwords regularly.
- Use a VPN when connecting over public or external networks.
For detailed guidance, check the NCSC's cyber security advice for small and medium-sized businesses.
Useful NCSC tools and services for businesses
You can access a range of free resources from the NCSC to help protect your business. These include:
- Check your cyber security service: Quickly find vulnerabilities in your online systems.
- Cyber Action Plan: Get a personalised plan with practical steps to improve your security.
- Small Business Guide: Simple, low-cost advice for small organisations.
- Free Cyber Security Training: Short, easy-to-use online training modules for staff on recognising cyber threats and protecting your business.
You can also stay informed of any emerging threats by registering for the NCSC's Early Warning Service.
If you experience a cyber attack, report it immediately to the NCSC's 24/7 Incident Management team at report.ncsc.gov.uk.