
What you can do to reduce your chances of becoming a victim of cybercrime


The rise of the Internet has led to cybercrime becoming one of the fastest-growing threats facing businesses today. For SMEs, the risk is especially significant. Typically, they’re without the same security infrastructure or in-house expertise that large organisations can afford, making smaller companies easier targets for cybercriminals.

 

Fortunately, reducing your exposure to cyber threats doesn’t have to mean overhauling your entire IT system. A few practical steps (applied consistently) can make a huge difference! Here’s what you and your team can start doing today to lower the risk. 

 

Use strong, unique passwords (and store them securely) 

Weak or reused passwords remain one of the most common ways hackers gain access to systems. Using the same login details across multiple platforms means that if one account is compromised, all your systems could be vulnerable. 

 

Encourage staff to: 

 

  • Use long, complex passwords (a mix of letters, numbers, and symbols). The NCSC recommends using 3 random words – you can find out more about this and see examples in our password guide below. 

  • Avoid using company names, birthdays, or common words. 

  • Use a password manager to store and generate secure credentials. 

 

There are many excellent password management tools on the market that offer team-based access and security auditing. If you’d like to find out more about password best practices, you can check out our full password guide here. We also have a guide on password manager apps to help you find the right one for your business.  

 

Turn on Two-Factor Authentication (2FA) 

Two-factor authentication (2FA) adds an extra layer of protection by requiring a second piece of information to log in. This is usually a code sent to a mobile device or generated by an app. 

 

It’s a really simple step that can stop most brute-force attacks in their tracks. Wherever it’s available (email, cloud storage, accounting software) make sure 2FA is enabled. This applies to both employee and administrator accounts. It’s even better if you can turn on multi-factor authentication – and yep, you guessed it, we have a full guide on MFA too! 

 

Train staff to recognise phishing attempts 

Phishing emails are getting more and more sophisticated and are often designed to look like they’re from trusted sources like clients, suppliers, or even internal colleagues. All it takes is one click on a malicious link or attachment to give hackers a foothold in your network.

 

Run regular training sessions to: 

 

  • Help employees spot red flags (e.g., suspicious email addresses, unexpected attachments, spelling errors). 

  • Encourage a “stop and check” mindset before opening or clicking on anything unusual. 

  • Provide a clear process for reporting suspected phishing attempts. 

 

Even short, quarterly training refreshers can significantly improve awareness and reduce the chance of human error. We run cybersecurity awareness training and we also have a further guide to staff training which you can read here. 

 

Keep software and systems up to date 

Cybercriminals often exploit known vulnerabilities in outdated software. Regular updates may seem inconvenient but skipping them can leave your systems exposed. 

 

Make sure: 

 

  • Operating systems, browsers, and all software are regularly patched and updated. 

  • Any unsupported legacy systems are either upgraded or properly isolated. 

  • Automatic updates are enabled wherever possible, and updates are installed within 14 days.

 

Bonus tip: Don’t overlook things like routers, printers, and IoT devices. These can often be an entry point if they’re running outdated firmware. 

 

Back up data and test the backups 

Having a reliable backup system is one of the most effective ways to recover from a cyberattack like ransomware. But backups only help if they’re up to date, secure, and actually working. 

 

Best practices include: 

 

  • Regular automated backups (daily, if possible). 

  • Storing backups in a secure off-site or cloud location. 

  • Running periodic tests to ensure data can be restored quickly. 

 

This doesn’t just help with cyber incidents; it’s also a useful safeguard against hardware failure or accidental deletion.

 

Limit access to sensitive information 

Not everyone in your organisation needs to know or have access to absolutely everything. Adopting a “least privilege” model means employees only have access to the data and systems necessary for their role. 

 

This helps: 

 

  • Reduce internal risk (both accidental and malicious). 

  • Minimise the damage if a single account is compromised. 

  • Improve accountability through clearer access controls. 

 

Use role-based permissions and make sure to take the time to regularly review who has access to sensitive systems or information. 
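A sketch of the regular access review described above, as an added example that is not part of the original article. The roles, systems, user names and the 365-day review interval are all assumptions chosen for illustration.

```python
from datetime import date

# Constructed sample data: which systems each (hypothetical) role needs.
ROLE_ACCESS = {
    "finance": {"accounting", "payroll", "email"},
    "sales": {"crm", "email"},
    "admin": {"accounting", "payroll", "crm", "email", "backups"},
}
# Current staff and their roles, e.g. exported from the HR record.
STAFF = {"alice": "finance", "bob": "sales", "carol": "admin"}
# Actual grants: (user, system, date the grant was last reviewed).
GRANTS = [
    ("alice", "accounting", date(2025, 1, 10)),
    ("alice", "crm", date(2025, 1, 10)),
    ("bob", "crm", date(2023, 6, 1)),
    ("bob", "payroll", date(2025, 2, 1)),
    ("dave", "email", date(2024, 11, 5)),
]


def review_access(grants, staff, role_access, today, max_age_days=365):
    """Return (user, system, reason) for every grant that needs attention."""
    findings = []
    for user, system, reviewed in grants:
        role = staff.get(user)
        if role is None:
            # Account belongs to a leaver or was never tied to a person.
            findings.append((user, system, "no current staff record"))
        elif system not in role_access.get(role, set()):
            # Access goes beyond what the role requires (least privilege).
            findings.append((user, system, f"not needed for role '{role}'"))
        elif (today - reviewed).days > max_age_days:
            # Access is appropriate but nobody has confirmed it recently.
            findings.append((user, system, "review overdue"))
    return findings


if __name__ == "__main__":
    for user, system, reason in review_access(GRANTS, STAFF, ROLE_ACCESS,
                                              today=date(2025, 3, 1)):
        print(f"{user:6} {system:11} {reason}")
```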

 

Have a response plan in place 

Preparation makes a difference. In the event of a cyber incident, knowing how to respond can limit damage and downtime. 

 

Create a simple incident response plan that includes: 

 

  • Who to contact (both internally and externally). 

  • Steps to isolate affected systems. 

  • Communication protocols (especially if customer data is involved). 

  • How to recover from backups and resume operations. 

 

You should run through the plan at least once a year so everyone knows what to do if the worst happens. It may also be worth putting one or two people in charge of the plan. 

 

Final thoughts 

Cybersecurity can feel like an overwhelming challenge, but the fundamentals really do go a long way. Most attacks aren’t personal, they’re simply opportunistic. By tightening up access, educating your team, and preparing for potential incidents, you make it much harder for cybercriminals to succeed.  

 

 

Need help with your organisation’s cybersecurity? Contact us today to find out how we can help.  

 

 



The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.



The Cyber Resilience Centre for the West Midlands is a trusted resource for  support to protect businesses and third sector organisations in the West Midlands region.


© 2024 The Cyber Resilience Centre for the West Midlands
