Simple steps to stay secure and protect your business from cyber-criminals

I’m a firm believer that you should get at least one of three things from your job:

  1. Decent wages
  2. Enjoyment/ Passion
  3. Expanded knowledge

Although I don’t have a passion for selling value-added IT solutions, I am grateful that my previous job opened my eyes to the cybersecurity world and how not-so-blissfully unaware most of us are as individuals and businesses to our cyber vulnerabilities.

The threat

The use of technology has become increasingly widespread and is a key focus for business development in the UK financial planning profession. That has been magnified with the Covid-19 pandemic forcing people to work remotely.

The business-scape has changed a lot since 2019 and remote or hybrid working has become commonplace. This new set-up revealed more vulnerabilities that cyber-criminals can use to target us and capture confidential information, something that the financial sector has plenty of.

Cybercriminals use social engineering, among other tactics, to gain access to our systems. Social engineering encompasses a multitude of malicious activities, including, but not limited to, two of the most commonly known cyber scams – phishing and catfishing (classic villain behaviour).

The data they collect can be sold on the dark web or used to hold the business or individual to ransom – a very stressful and expensive situation to find yourself in, particularly in a profession that has strict GDPR regulations to follow.

But what does that look like?

It can be a phone call pretending to be your phone network provider, a message on Facebook (here are 3 signs that your email from Facebook is a scam), or an email from your boss a bit like this one:

So, what are the steps you can take to keep your own and your clients’ information secure?

Staying secure

Let’s use this email example as a starting point.

Use an email service provider that flags up spam and has a junk mail filter.

Look out for giveaways that the message isn’t legitimate such as:

  1. Incorrect email addresses
  2. Poor grammar or spelling mistakes
  3. Prompting urgency (rushing you into acting before taking time to think)
  4. Requests for personal details such as phone numbers, bank details and passwords.
  5. No email footer used – if that’s common practice in your workplace.
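The giveaways above can also be checked automatically before a message reaches a busy inbox. The sketch below is an added example, not part of the original article: the company domain, the footer text, the word lists and both sample emails are assumptions made up for illustration, and spelling and grammar are left to the reader's eye.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.co.uk"         # assumption: your organisation's mail domain
FOOTER_MARKER = "registered in england"  # assumption: text found in every genuine footer
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|right away|asap)\b", re.I)
PERSONAL = re.compile(r"\b(passwords?|bank details|phone number|sort code)\b", re.I)

def phishing_giveaways(raw_email):
    """Return the giveaways found in one raw email (headers, blank line, body)."""
    msg = message_from_string(raw_email)
    address = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    found = []
    if address.rpartition("@")[2] != COMPANY_DOMAIN:
        found.append("sender address is outside the company domain")
    if reply_to and reply_to != address:
        found.append("replies go to a different address than the sender")
    if URGENCY.search(text):
        found.append("prompts urgency")
    if PERSONAL.search(text):
        found.append("requests personal details")
    if FOOTER_MARKER not in body.lower():
        found.append("company footer is missing")
    return found

# Constructed sample messages (not real emails).
SUSPICIOUS = """\
From: "Jane Smith (Director)" <jane.smith@examp1e-co.uk.invalid>
Reply-To: <director.office@mail.invalid>
Subject: Urgent request

Hi Sam, send me the bank details and your phone number right away.
"""
GENUINE = """\
From: Jane Smith <jane.smith@example.co.uk>
Subject: Thursday team meeting

Hi Sam, the agenda for Thursday is attached.
Example Ltd. Registered in England No. 00000000
"""

if __name__ == "__main__":
    for name, mail in (("suspicious", SUSPICIOUS), ("genuine", GENUINE)):
        print(name, phishing_giveaways(mail))
```

A message that trips several checks at once deserves a phone call to the supposed sender on a number you already know, not a reply.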


Most people will know not to leave the password to their work computer under their keyboard, but there are more things you can do to prevent unauthorised access.

Don’t choose a common password like qwerty123 or Password5. A quick way to generate a strong password is to think about the environment you’re in. What can you see, hear, smell, or taste?

Desk, vanilla candle, “A Thousand Miles” – Vanessa Carlton (banger btw), hot chocolate.

Combine some of these things with numbers and special characters, using both upper- and lower-case letters and you get a strong password.


Input your new password into a checker for some suggestions or reassurance if you’re not sure what you’ve come up with – I don’t know about you but I don’t think a hacker has 2000 years to try and guess a password!

Great, you’ve got that, but you might be thinking “I’ve got loads of apps and systems to log in to, how am I supposed to remember all my access codes if I can’t write them down?” Fear not! There’s an app for that, so you’ll only have to remember a couple of logins.

A quick Google search will show you the variety of password managers there are to choose from such as NordPass, RoboForm and 1Password among others. Password managers store your passwords securely and some have other functions such as secure password generation, field filling and two-factor authentication (2FA).

It’s best practice to update your passwords every few months, so a password manager comes in handy once again: you don’t have to remember what changes you made, just update them in the app.


Two-factor authentication (2FA) is another barrier that can help you to keep your accounts safe. It uses a randomly generated passcode, usually shown on another device, so that if anyone does get access to your usual logins, they will still need another code to verify that they have the authority to proceed.


Everyone likes a change of scenery once in a while, whether that’s working from home, on a train to the big smoke, or Yardstick’s favourite office away from the office – Caffè Nero.

But public networks are a hotspot for malicious cyber activity so remote workers should join a virtual private network (VPN) when they’re online.

VPNs protect users by encrypting their data and concealing their IP addresses, leaving them untraceable and able to work with a secure connection from anywhere!


Now you can set up securely, you need to make sure your work is safe because accidents happen, and if that coffee from Nero spills on your laptop, the work you’ve done may be lost forever.

Use a shared digital drive with others in your workspace to save your work, so that it’s accessible even if your device is compromised.

Some shared drives also have the autosave function so you don’t have that overwhelming feeling of dread and frustration if you forget to save your work or your computer crashes, as most of it will be saved for you.

Did anybody ever tell you “You can never be too safe”? They’re right. You can take another precaution and have everything stored on a physical hard drive in a safe as a plan B.

Fraud alerts

So, you’ve followed all of the steps above and you’re much less of an easy target. However, there are some circumstances where your data could still be compromised, and you can’t do much about it.

Services you use could suffer a data breach and your information could be sold and used. You can use a fraud alert service to detect attempts to access your accounts and seek advice on how to keep them secure.

Are we there yet?

Sadly not. More precautions can be taken to keep yourself, your business, and your clients safe; this blog is just a drop in the ocean of information you can learn about cybersecurity. Indeed, there are whole courses you and your staff can take to navigate the risks presented.

That being said, I hope what I have shared has given you some ideas or perhaps a refreshed memory of how to stay protected online.

Here at Yardstick, we do offer marketing services and secure website hosting if we’ve built your website. So, if that’s pricked your ears up, get in touch by emailing or calling 0115 8965 300.
