Cyber security tips to like and follow this #WorldSocialMediaDay

Business websites are today’s high-street shop window, with social media helping to raise brand awareness and direct traffic in the way that billboards and direct marketing continues to for physical stores.


The Office for National Statistics reported that about 57% of small businesses in the United Kingdom use social media for marketing purposes.


But what would happen if your storefront was taken over, your customer book stolen, the window display changed to abusive messages and the door locked so that you couldn’t get in to change it back? In the physical world this would confuse your regular customers, maybe losing trust with theft of their data, as well as deterring new people from doing business with you.


The online world is no different. What would you do if your social media account was taken over, the password changed so you couldn’t get access, explicit messages sent to your customers and their records encrypted or stolen?


In the Eastern region, 121 business reported social media or email hacks to Action Fraud in 2020, with reported losses of £308.2k. Limited companies being the most affected, followed by sole traders indicating that business size is not always a consideration for cyber criminals.


Here are some recommendations for keeping your digital keys to your storefront as safe as the physical ones.


  • Use unique passwords for each account – use a password manager if you can’t remember them all


  • Ensure you have 2-factor authentication on all your social media, email and web hosting/domain accounts – that way even if your password is leaked, cyber criminals still shouldn’t have access. For the verification, use an authenticator app rather than email or text, as it’s offers greater security


  • Does your website provide easy access to criminals in terms of known vulnerabilities? This is a weakness or misconfiguration in a website or web application code that allows an attacker to gain some level of control of the site, and possibly the hosting server. Most vulnerabilities are exploited through automated means, such as vulnerability scanners and botnets.


  • Consider the ‘what if’ and have a business continuity plan (BCP). A BCP is an outline of your business strategies to ensure continued productivity, minimal damage, and quick recovery during an emergency (and losing control of your digital shop window and a data breach is definitely counted as an emergency).


  • The National Cyber Security Centre (NCSC) has put together this handy video, bitesize guide on how to prepare your response to cyber-related incident.




The ECRC is here to connect with business owners and decision makers looking for ways to improve cyber resilience in an accessible way. Our services include:


  • A cyber business continuity exercise – this is a practical, scenario-based exercise tailored to your organisation to test your business continuity plan and recovery


  • Web application vulnerability assessment – how secure is your website? Does it contain vulnerabilities just waiting to be exploited? Our assessments can help identify these weaknesses so you can fix them.


  • Cyber Alarm - the Police CyberAlarm acts as a ‘CCTV camera’ monitoring the traffic seen by a member’s connection to the internet. It will detect and provide regular reports of suspected malicious activity, enabling organisations to minimise their vulnerabilities. The data collected by the system does not contain any content of the traffic. The system is designed to protect personal data, trade secrets and intellectual property.


For more details on any of these services or to speak with the team, please contact us and let us know how we can help.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.