Cyber-lock-CMS
Posted on

The increasing prevalence of cyber-attacks has led the Information Commissioner’s Office (ICO) to remind businesses to review their security measures and protect any personal information they hold.

According to government figures, UK businesses experienced an estimated 7.7 million cyber-crimes over the past year. Most small businesses store personal information and rely on digital systems.

Ian Hulme, Executive Director for Regulatory Supervision at the ICO, said: “When people share their personal information with your company, they need to feel confident you’ll do as much as possible to keep that information secure. While cyber-attacks can be very sophisticated, we find that many organisations are still neglecting the very foundations of cyber security.”

Practical steps for businesses

The ICO recommends a number of straightforward actions to strengthen data security:

  • Back up data regularly, test the backups and ensure the backup is kept separate from your live data source.
  • Use strong passwords (three random words is a good approach) and enable multi-factor authentication where possible.
  • Be careful about what you say and what documents you have on your screen that others could see, particularly if you work in a public place.
  • Be alert to phishing emails, especially those demanding urgent action or payment.
  • Install and update anti-virus protection on all devices, including those used at home or remotely.
  • Secure your devices by locking screens when unattended and keeping equipment out of sight.
  • Avoid public Wi-Fi or use a secure VPN when working away from the office.
  • Limit access to data so that staff only see what they need for their role.
  • Take care when sharing information, whether via email or by screen-sharing in meetings.
  • Only keep data as long as necessary and ensure old IT equipment is securely wiped before disposal.

Reporting breaches

If a business suffers a data breach as a result of a cyber-attack, it must be reported to the ICO within 72 hours of becoming aware of it.

Further guidance is available on the ICO’s website.

See: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/09/information-commissioner-s-office-shares-cyber-security-tips-for-small-businesses/

The information provided in this blog is for general informational purposes only and should not be considered professional advice. As far as we are aware, the content is accurate at time of publication. Torgersens assumes no responsibility for errors or omissions in the content or for any actions taken based on the information provided.

About the Author

Beverley Howells Image

Beverley Howells

Partner
Beverley is a partner with Torgersens, specialising in tax. Her role covers all aspects of taxation, from managing compliance to providing business advice. Her main areas of expertise are in business tax and corporation matters and in particular, acting for owner-managed businesses. Having joined the firm as a graduate trainee, Beverley qualified as a Chartered Accountant in 2000.   Outside of work, Beverley’s favourite place is the beach, enjoying a walk along our beautiful North East coastline. Ideally, she would be joined by a canine companion and has recently started a campaign for her own office dog! 

To get in touch please e-mail beverley.howells@torgersens.com.

Share this story...

More Stories

Striking off vs winding up: What’s the difference for your company?

Striking off vs winding up: What’s the difference for your company?
State pension set for rise - but more retirees may face tax

State pension set for rise - but more retirees may face tax
Making Tax Digital – HMRC recognises the digitally excluded

Making Tax Digital – HMRC recognises the digitally excluded