Best practices to protect your organisation from security breaches
According to the UK Government Official Statistics, the Cyber Security Breaches Survey 2025 published this April reveals that almost half of businesses (43%) and a third of charities (30%) have experienced a cyber security breach or attack in the last 12 months. This accounts for approximately 612,000 businesses and 61,000 registered charities.
Among those identifying any breaches or attacks, it is estimated that, the average cost of the most disruptive breach was £3,550 for businesses and £8,690 for charities.
Among the organisations that experienced breaches or attacks in the past 12 months, phishing attacks were reported as the most disruptive types of attack, affecting:
- 85% of businesses
- 86% of charities
- 89% schools and
- 97% further and higher education institutions
where increasingly sophisticated methods, such as AI impersonation, are becoming mainstream.
With data breaches dominating the headlines in the past few weeks, how prepared is your organisation in the event of a cyber attack? Discover our 9 best practices to protect your valuable assets from the threat of a security breach.
9 ways to build cyber resilience across your organisation
1. Use strong passwords
An easy way for hackers to breach networks is to guess usernames and passwords, and they use sophisticated tools to do this. Staff should be advised not to use common passwords, nor use the same password across multiple devices. We recommend deploying a password management tool which generates complex passwords which are harder to exploit. It should be noted that it is no longer recommended to enforce regular password changes as research shows this is counter-productive to good password hygiene.
2. Apply patches and security updates
Unpatched software is an easy way for cyber criminals to access networks. By applying patches and security updates to all systems and software, you can reduce the number of security vulnerabilities on your networks. You can even use a patch management system that automatically manages updates to maintain information security.
3. Install antivirus protection and firewalls
Antivirus software and firewalls monitor, detect and block malware and suspicious viruses from entering devices and compromising data. They should be installed on every device and regularly reviewed to ensure they are all actively working and remain up to date.
4. Use multi-factor authentication
Multi-factor authentication (MFA) acts as an additional layer of security to protect users from cyberattacks. Users are alerted to any attempts to log in to their account – and it wasn’t them, they should be encouraged to immediately report it to the IT security team. MFA alone is the most effective first line of defence and should be considered compulsory for all organisations.
5. Staff training
95% of breaches involve a human element so effectively, your people are the first line of defence in preventing a cyberattack. End user education and awareness are critically important to prevent security breaches. All employees should receive regular cyber security training how to recognise phishing emails and other security threats – as well as how to report them to help the IT team identify the attack, remove intruders, and immediately secure all accounts. Microsoft 365 contains inbuilt tools to help spot weaknesses in the way staff detect and manage phishing attempts. Contact us to find out if this is included in your plan.
6. Know your network
Ensure you can identify all devices and users on your network to detect any suspicious activity, such as users accessing files they don’t need or moving files to other parts of the network. We suggest that you log activity for at least month to track activity to defend your network effectively.
7. Backup your network and test regularly
Regular backups and testing are vital processes to maintain cyber resilience and minimise disruption in the event of a cyber threat. One of the most effective data backup strategies is the 3-2-1 rule, where you should hold 3 copies of your data, with 2 copies stored on different media, and one at an offsite location.
8. Assess your vendors and monitor supply chains
You may allow external stakeholders and other third parties to have access to certain elements of your network. Remain up to date on users to ensure any access that is no longer required is removed immediately. It’s also worth looking at your suppliers’ security practices, as if their network is breached, yours could be compromised, too.
9. Create a solid cybersecurity policy
A clear cyber security policy provides essential guidelines and processes how to detect, respond and remediate in case of a breach. A comprehensive policy should include a disaster recovery plan, access management, security testing and an incident response plan so your staff and IT teams know the steps and procedures that should be implemented in the event of a cyber threat to ensure operations resume as quickly as possible.
How to improve your cyber resilience in 2025
It is estimated that there were 8.58 million cyber-attacks on UK businesses in the last 12 months, including approximately 680,000 non-phishing cyber-crimes. UK charities have experienced approximately 453,000 cyber crimes of all types in the last 12 months.
Today, a cyberattack is no longer a matter of if for your organisation. It’s a matter of when.
The best way to ensure that your organisation is safe is by applying proactive measures. Now.
AspiraCloud can enhance your existing security processes or even design and implement a new cyber resilience plan for your school, charity or business. Find out more about our cyber security services or simply contact us today.
Get prepared and get protected.