The increasing prevalence of cyber-attacks has also led the Information Commissioner’s Office (ICO) to remind businesses to review their security measures and protect any personal information they hold.

According to government figures, UK businesses experienced an estimated 7.7 million cyber-crimes over the past year. Most small businesses store personal information and rely on digital systems.

Ian Hulme, Executive Director for Regulatory Supervision at the ICO, said: “When people share their personal information with your company, they need to feel confident you’ll do as much as possible to keep that information secure. While cyber-attacks can be very sophisticated, we find that many organisations are still neglecting the very foundations of cyber security.”

Practical steps for businesses

The ICO recommends a number of straightforward actions to strengthen data security:

  • Back up data regularly, test the backups and ensure the backup is kept separate from your live data source.
  • Use strong passwords (three random words is a good approach) and enable multi-factor authentication where possible.
  • Be careful about what you say and what documents you have on your screen that others could see, particularly if you work in a public place.
  • Be alert to phishing emails, especially those demanding urgent action or payment.
  • Install and update anti-virus protection on all devices, including those used at home or remotely.
  • Secure your devices by locking screens when unattended and keeping equipment out of sight.
  • Avoid public Wi-Fi or use a secure VPN when working away from the office.
  • Limit access to data so that staff only see what they need for their role.
  • Take care when sharing information, whether via email or by screen-sharing in meetings.
  • Only keep data as long as necessary, and ensure old IT equipment is securely wiped before disposal.

Reporting breaches

If a business suffers a data breach as a result of a cyber-attack, it must be reported to the ICO within 72 hours of becoming aware of it.

Further guidance is available on the ICO’s website.

See: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/09/information-commissioner-s-office-shares-cyber-security-tips-for-small-businesses/