White Paper: Top 20 things your business can do to prevent a cyber attack
Top 20 Cyber Security tips June 2025 by FortNet UK Ltd +44 208 154 7626 info@fortnet.co.uk www.fortnet.co.uk
www.fortnet.co.uk Registered office: Linden House, Linden Close, Tunbridge Wells, TN4 8HH Company Registration number: 12610443 VAT no: 363207612 FortNet UK Ltd Cyber Security advice and guidance
Top 20 Things Your Business Can Do to Prevent a Cyber Attack
Prepared for business owners of small to medium-sized businesses by FortNet UK Ltd.
www.fortnet.co.uk
Introduction
Cyber-attacks are a growing threat to organisations of every size. Small and medium-sized businesses are especially at risk, with over 40% targeted each year. Fortunately, you can dramatically reduce your risk by following practical, proven steps. This white paper explains the top 20 things you can do, why they matter, and exactly how to get started.
1. Staff Cyber Awareness Training
Risk: Human error is the leading cause of breaches. How to Protect:
Schedule regular, mandatory training for all staff.
Use real-world examples (phishing emails, suspicious links).
Test awareness with simulated phishing exercises.
Some free training is available on the NCSC website. Alternatively, you can have a complete programme, fully managed with regular reports showing where your organisation has strengths and weaknesses, by contacting:
FortNet +44 208 154 7626 info@fortnet.co.uk
2. Strong Password Policies
Risk: Weak passwords are easily cracked. How to Protect:
Require passwords with at least 12 characters, including numbers and symbols.
Enforce regular password changes.
Prohibit password reuse across accounts.
We strongly recommend password management software. However, if you prefer a completely passwordless approach that is more secure than passwords combined with two-factor authentication, we can provide more details and explanation. Contact FortNet +44 208 154 7626 info@fortnet.co.uk
3. Multi-Factor Authentication (MFA)
Risk: Passwords alone are not enough. How to Protect:
Enable MFA on all critical systems (email, banking, cloud).
Use authentication apps or physical tokens, not just SMS.
Unfortunately, criminals have worked out ways around MFA. Whilst we recommend that everyone should deploy MFA across everything, there are alternatives that provide a passwordless environment that is more secure than MFA and passwords combined. For more info contact: FortNet +44 208 154 7626 info@fortnet.co.uk
4. Regular Software Updates and Patch Management
Risk: Hackers exploit outdated software. How to Protect:
Turn on automatic updates for operating systems and applications.
Schedule monthly checks for all devices.
It is not just your operating systems that are at risk; all the applications on your devices put you at risk if they are out of date. If you would prefer a fully automated approach to patching your devices, contact us for a quote:
FortNet +44 208 154 7626 info@fortnet.co.uk
5. Install and Update Antivirus/Anti-Malware
Risk: Viruses and malware can steal data or lock systems. How to Protect:
Install reputable antivirus software on all devices. (Do not download free antivirus products, and try to avoid cheap off-the-shelf products.)
Set software to update and scan automatically.
Antivirus can be cheap and is often free with devices and operating systems. We recommend industry-leading antivirus that combines several features to detect both known viruses and new threats that are not yet incorporated within purely antivirus products. Some versions also include encryption and auto-patching, adding several more layers of protection. Ask us for more details.
6. Secure Backups
Risk: Ransomware and hardware failures can destroy data. How to Protect:
Back up data daily to secure, offsite/cloud locations.
Test backup restoration quarterly.
O365, Salesforce, Google Workspace and other products do not back up your data, so it is essential to back up your data to a secure cloud service. It should be inexpensive and very secure. Try to avoid physical disk backup devices, as they are less reliable and can get damaged or stolen.
FortNet can recommend or provide these services.
7. Email Security and Filtering
Risk: Most attacks start with a malicious email. How to Protect:
Use advanced spam and phishing filters.
Train staff to spot suspicious emails.
Whilst some antivirus products and Microsoft provide some email security capability, they can miss threats that are embedded. Adding an AI layer of protection means that your inbound email is checked thoroughly for many more threat types and will block those more sophisticated attacks.
We can help you select the best products for your business.
8. Network Firewall Protection
Risk: Unfiltered internet traffic can expose your systems. How to Protect:
Install a business-grade firewall.
Block unnecessary ports and services.
It is very important to make sure you have a firewall on your network. Most broadband routers have a built-in firewall already preconfigured; however, it is essential that the firewall within your computer is also switched on. Some advice about its settings can help to make it a bit more secure.
9. Secure Wi-Fi Networks
Risk: Unsecured Wi-Fi is an open door for attackers. How to Protect:
Use strong WPA3 encryption.
Change default router passwords.
Hide network SSIDs and use guest networks for visitors.
Wi-Fi is an easy way for criminals to spy on you. Make sure your Wi-Fi has strong passwords and don’t write the password on a notice board for everyone to see.
10. Limit User Privileges
Risk: Overprivileged accounts can cause major damage if breached. How to Protect:
Grant staff only the access needed for their roles.
Review permissions quarterly.
Whether you use Microsoft or Google, limit the users to what they need access to. Don’t give everyone full access to things like OneDrive, SharePoint or Google Drives.
11. Device Encryption
Risk: Lost or stolen devices can leak sensitive data. How to Protect:
Enable full-disk encryption on all laptops and mobiles.
Use remote wipe capabilities for lost devices.
Encryption is very important. If your device or network is breached but the data is encrypted, the criminals cannot use the data even if they manage to steal it. These days criminals are more interested in stealing your data than disrupting your business.
12. Secure Remote Access
Risk: Remote work increases attack surfaces. How to Protect:
Use Virtual Private Networks (VPNs).
Require MFA for all remote logins.
Many VPNs are available, but avoid free downloads from the internet unless they are definitely from a reputable source.
13. Incident Response Plan
Risk: Delays in response worsen breaches. How to Protect:
Document who to contact and what steps to take in an incident.
Run tabletop exercises annually.
We can advise and guide you in this exercise. Cyber Essentials certification will drive this kind of internal security behaviour. Cyber Essentials will also provide you with insurance so you have some funds to pay for an incident response team.
14. Regular Security Audits
Risk: Unnoticed vulnerabilities can persist for years. How to Protect:
Schedule annual third-party security reviews.
Act on audit recommendations promptly.
A network assessment will give you detailed information about your network and devices, showing where the risks lie and therefore what you need to do to protect your organisation. If you have an assessment, make sure you action the things it discovers as soon as possible.
If you would like an assessment, let us know. We can provide complimentary advice and affordable deep dives.
15. Physical Security Controls
Risk: Physical breaches can bypass digital security. How to Protect:
Restrict access to server rooms. Keep servers in locked racks and away from coffee machines.
Use locks, CCTV, and visitor logs.
There are many physical considerations, such as not posting passwords on paper, not leaving confidential information on your desk, and ensuring that third parties such as cleaners and other building management people are always accompanied. Visitors, especially maintenance staff and cleaners, should not be able to take photos in your offices.
16. Secure Mobile Devices
Risk: Mobiles are easily lost or stolen. How to Protect:
Require PINs or biometrics.
Enable remote tracking and wiping.
17. Vendor and Supply Chain Security
Risk: Third-party partners can introduce risks. How to Protect:
Vet vendors for their security practices. Ask them tough questions.
Require contracts to include cybersecurity standards.
Supply chains are one of the biggest threats. Most of the recent breaches in the media are due to the suppliers to the breached organisation having poor security practices. It is very important to confirm that your suppliers are taking security seriously. Cyber Essentials certification is one way to reassure you that they are more secure than others. Don’t forget that if they provide a critical service or product to your organisation and they are unable to deliver it because their own organisation has been breached, that can have a significant impact on you even though you were not directly breached.
If you would like some advice regarding what to ask your suppliers, let us know by emailing info@fortnet.co.uk
18. Data Minimisation and Retention Policies
Risk: Storing unnecessary data increases risk. How to Protect:
Regularly delete data no longer needed.
Delete applications you no longer need.
Limit collection of sensitive information.
19. Zero Trust Approach
Risk: Trusting internal users or devices can be dangerous. How to Protect:
Assume no user or device is trusted by default.
Require verification for every access attempt.
Zero Trust is the full security approach to prevent an attack by criminals or by your own staff. It sounds more complex than it really is.
If you want to be as secure as you possibly can be, we can guide you to a Zero Trust approach.
Call us on 0208 154 7626
20. Continuous Monitoring and Threat Intelligence
Risk: New threats emerge daily. How to Protect:
Use automated monitoring tools to detect suspicious activity.
Subscribe to cybersecurity alerts relevant to your industry.
Round-the-clock security is possible, doesn’t have to be expensive, and can incorporate a lot of the above tips. We call the service a Security Operations Centre. You would get all your systems and network continuously monitored for anything bad or unusual. The systems are watched by specialist security analysts who understand the threats and know how to stop them and contain them. This is the ultimate way for SMEs to defend themselves even when on holiday or asleep.
To understand how this approach would benefit you, please reach out and we’ll explain it to you. Call +44 208 154 7626 or email info@fortnet.co.uk
Implementation Roadmap
Phase 1: Immediate Actions
Staff training, password policies, MFA, antivirus, backups
Phase 2: Within 3 Months
Email filtering, firewalls, user privileges, encryption, remote access
Phase 3: Ongoing
Incident response, audits, physical/mobile security, vendor checks, zero trust, monitoring
Conclusion
Cybersecurity is not a one-time project, but a continuous process. By following these 20 steps, your business can dramatically reduce its risk of cyber-attacks and protect your reputation, customers, and bottom line.
Cyber is Simple, Straightforward and Secure with FortNet
Our years of experience mean we have the wisdom to use the tools available to protect you.
For more information or a tailored security assessment, contact FortNet UK Ltd.
+44 208 154 7626 info@fortnet.co.uk
This document is for guidance only and does not constitute legal or regulatory advice. Always consult with a cybersecurity professional for your specific needs.