Teaming up with... AVIVA

Welcome to the UKGI weekly regulation update service for Aviva ABC brokers

We hope you find the Updates useful. If you are interested in subscribing to our affordable ABC compliance support package, please email us at ABC@ukgigroup.com or call UKGI on our dedicated ABC contact line 01925 767893.

ICO shares cyber security tips for small businesses

Link(s): Information Commissioner’s Office shares cyber security tips for small businesses | ICO

Context

With cyber-attacks regularly in the news, the ICO is reminding businesses to check they have appropriate security measures in place to protect personal information. Businesses have experienced an estimated 7.7 million cybercrimes over the past year, according to government figures. Most small businesses hold personal information and conduct business digitally, so cyber security must be a priority.

Key points to note and next actions

Some practical steps businesses and their staff can take to improve their data security and resilience:

  1. Back up your data
  2. Use strong passwords and multi-factor authentication
    • Use strong and unique passwords, which are difficult to guess, on all accounts and devices where personal information is stored. The National Cyber Security Centre (NCSC) recommends using three random words. Where possible, consider using multi-factor authentication.
  3. Be aware of your surroundings
  4. Be wary of suspicious emails
    • Firms and their employees need to know how to spot suspicious emails. Look out for signs such as bad grammar, demands to ‘act urgently’ and requests for payment. New technologies mean that email attacks are becoming more sophisticated. A phishing email could appear to come from a source that is recognised.
  5. Install anti-virus and malware protection and keep it up to date
  6. Protect devices when unattended
  7. Make sure your Wi-Fi connection is secure
  8. Limit access to those who need it
    • Different workers may need to use different types of information. Put access controls in place to make sure people can only see the information they need.
  9. Take care when sharing
    • Sharing screens in a virtual meeting may show the device to others exactly as you see it, including any open tabs or documents. Before sharing screens, close anything down that doesn’t need to be shared and make sure notifications and pop-up alerts are switched off. Be careful when sending emails to multiple people.
  10. Don’t keep data for longer than needed
  11. Dispose of old IT equipment and records securely
    • Make sure no personal data is left on laptops, smartphones or any other devices before disposal. Consider using deletion software or hiring a specialist to wipe the data.

If an organisation experiences a data breach as a result of a cyber-attack, it should report it to the ICO within 72 hours of becoming aware of it. For more advice on protecting personal information, visit the ICO’s security guidance for organisations.

For further support on cyber security, visit the National Cyber Security Centre’s website and the Cyber Essentials programme, a Government-backed certification scheme that helps keep organisations’ – and their customers’ – data safe from cyber-attacks.