The high street has struggled to return to pre-COVID sales figures but is showing some signs of growth. When non-essential shops were forced to close during lockdown, consumers were forced to shop online - and that looks likely to continue.

For some small businesses this was devastating for their retail outlets and physical businesses. However keen entrepreneurs were driven to adjust their businesses to survive this crisis and technology became their savior. A staggering 85,000 stores appeared online in the three months to July 2020. However, business owners are being urged to review their online presence considering security issues posed with ecommerce trading. E-commerce offers endless sales opportunities, nationally and even internationally, but it does not come without risks. 32% of SMEs have been the target of cyber scams or malware, however only 6% would be investing in additional cyber and digital security.

I realised quickly that some small businesses need some IT re-education. We have created some top tips to improve online security - for some immediate peace of mind.

Understanding data that should not be shared

As a smaller business you may be working with just a few members of staff, but it is essential that they know what data is sensitive and what should not be shared. Training staff could prevent internal data breaches, especially when it comes to GDPR (UK-GDPR from 2021). If your e-commerce site is hosted on Shopify, this data should not be downloaded or shared.

Security protection and updates on local computers

Although this is common sense, it is disturbing how many companies have out-of-date and even obsolete security software on their local computers. All anti-virus and malware software should be updated regularly. You must make sure all software installed is set to perform updates automatically.


Encrypt sensitive data at rest and in transit. Use of encryption allows only those with access to decrypt the contents of the file. This means that even emails sent to other parties with personal data in them, are safe from anyone intercepting the data.

Cyber Essentials

Cyber Essentials is a simple but effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber-attacks. Certification gives you peace of mind that your defences will protect against most common cyber-attacks - simply because these attacks are looking for targets without Cyber Essentials technical controls in place.


As mentioned above, updates are essential for all software. Consider two-step verification too - to provide that extra layer of security. Encourage your staff to update localised passwords frequently - monthly is acceptable. Educate staff on identifying harmful emails - do not follow links or enter account information on anything received in an email. Ensure all networked passwords are secure and impossible to predict - change them regularly and only allow single person access per machine. Audit your systems regularly, and where you can, use external sources to review and monitor the company systems - the extra set of eyes can make all the difference.

Online security should be risk assessed at the earliest convenience. If, as a small business owner, you have rushed to complete your transition to online, now is the time to sit back and analyse how robust those systems are. A customer data breach could be a costly exercise - not just the financial implications, but this could become legal and involve large fines for the business. Either way it will be detrimental to the business' reputation. I would advise that anyone now selling online to bring in an external, professional and specialist set of eyes to overhaul your systems and protect you for the future.

For more information please visit  Ilux