Cyber Security for Sole Traders — 5 Things to Do Today

Cyber security sounds like something big corporations worry about — firewalls, security operations centres, teams of analysts staring at screens. It doesn't feel like something that should be on your to-do list when you're a sole trader trying to file your Self Assessment on time.

But here's the uncomfortable truth: small businesses and sole traders are increasingly targeted by cyber criminals. Why? Because the defences are usually weaker. A large company has an IT department. You've got yourself, your laptop, and whatever antivirus software came pre-installed three years ago.

The good news is that you don't need to become a security expert to protect yourself. Most cyber attacks against small businesses exploit basic vulnerabilities — weak passwords, outdated software, careless clicks. Fix those, and you've eliminated the vast majority of the risk.

Here are five things you can do today. None of them cost much. None of them take long. And together, they'll make your business dramatically harder to attack.

1. Use a Password Manager

We're putting this first because it's the single most impactful change you can make. If your passwords are weak, reused, or stored on a sticky note by your monitor, your entire digital business is vulnerable.

A password manager generates and stores strong, unique passwords for every account. You only need to remember one master password. Everything else is handled automatically.

We've written a detailed guide to choosing a password manager for your business, but here's the short version: download Bitwarden (free) or 1Password (around £3 per month), set it up with a strong master password, and start replacing your weakest passwords — beginning with your email, banking, and accounting software.

This alone eliminates one of the most common attack vectors. The time investment? About 30 minutes to set up, then a few minutes each week as you replace old passwords.

Enable Two-Factor Authentication

While you're in your security settings, turn on two-factor authentication (2FA) everywhere it's available. This means that even if someone gets your password, they also need a second verification — usually a code from an app on your phone — to log in.

Prioritise 2FA on these accounts first:

• Email
• Banking and financial services
• Accounting software (like Accounted)
• Cloud storage
• Social media
• Government services (HMRC, Companies House)

Use an authenticator app (Google Authenticator, Microsoft Authenticator, or Authy) rather than SMS where possible — SMS codes can be intercepted in certain types of attacks.

2. Keep Your Software Updated

Software updates are annoying. They always seem to pop up at the worst moment, and the temptation to click "remind me later" is strong. But many updates include security patches — fixes for vulnerabilities that hackers actively exploit.

Operating System

Whether you use Windows or macOS, enable automatic updates. Both operating systems regularly release security patches, and delaying them leaves known vulnerabilities open.

Web Browser

Your browser is your primary gateway to the internet, making it a favourite target for attackers. Chrome, Firefox, Safari, and Edge all update automatically by default, but check that this hasn't been disabled.

Business Apps

Keep your accounting software, email client, and other business tools updated. Cloud-based tools like Accounted update automatically on the server side, which is one less thing to worry about. But any software installed locally on your computer needs manual attention.

Phone and Tablet

Don't forget your mobile devices. If you use your phone for banking, email, or client communication, it needs to be kept updated too. Enable automatic updates on both your operating system and apps.

3. Learn to Spot Phishing

Phishing — fake emails designed to trick you into revealing passwords, clicking malicious links, or transferring money — is the most common cyber threat facing small businesses. And the fakes are getting better every year.

Red Flags to Watch For

• Urgency — "Your account will be closed in 24 hours unless you act now"
• Unexpected requests — your bank asking you to "verify your details" via email
• Suspicious sender addresses — the display name says "HMRC" but the email address is hmrc-refund@gmail.com
• Links that don't match — hover over a link before clicking to see where it actually goes
• Attachments you weren't expecting — especially .zip, .exe, or macro-enabled Office documents

We've written a comprehensive guide to spotting phishing emails if you want to go deeper. It's worth sharing with anyone who has access to your business accounts.

What to Do If You're Unsure

If an email looks suspicious, don't click any links or open any attachments. Instead:

1. Go directly to the website in question by typing the address into your browser (don't use the link in the email)
2. Contact the supposed sender through their official channels
3. If it claims to be from your bank, call the number on the back of your card

It's always better to spend two minutes checking than to spend weeks dealing with the fallout of a successful phishing attack.

4. Back Up Your Data

Ransomware — malware that encrypts your files and demands payment for their release — is a growing threat to businesses of all sizes. If your data is locked and you don't have a backup, you're faced with an awful choice: pay the ransom (with no guarantee of getting your files back) or lose everything.

A solid backup strategy makes ransomware almost irrelevant. If your files are encrypted, you simply restore from your backup and carry on.

The 3-2-1 Rule

Keep three copies of your data, on two different types of media, with one copy stored offsite (in the cloud).

We've covered this in detail in our guide to backing up your business data. The essential steps are:

1. Sign up for an automatic cloud backup service like Backblaze
2. Keep important files in a synced cloud storage folder (Google Drive, OneDrive, or Dropbox)
3. Maintain a local backup on an external hard drive

If your accounting data is in a cloud-based tool like Accounted, that's already backed up automatically. But everything on your local machine needs its own backup plan.

5. Secure Your Wi-Fi and Devices

Home Wi-Fi

If you work from home — as many sole traders do — your home Wi-Fi network is your business network. Make sure it's properly secured:

• Change the default router password. The default credentials are often publicly known for each router model.
• Use WPA3 encryption (or WPA2 at minimum). Check your router settings — if it's set to WEP or "open," change it immediately.
• Use a strong Wi-Fi password. Not your surname, not your house number, not "password."
• Keep your router firmware updated. Log into your router's admin panel periodically to check for updates.

Public Wi-Fi

If you ever work from a coffee shop, co-working space, or hotel, be extremely cautious with public Wi-Fi. These networks are hunting grounds for attackers who can intercept your data.

Use a VPN (Virtual Private Network) whenever you're on public Wi-Fi. A VPN encrypts your internet traffic, making it unreadable to anyone trying to snoop. NordVPN, ExpressVPN, and Surfshark are all reliable options at around £3–5 per month.

Physical Security

Don't overlook the basics:

• Lock your screen when you step away from your computer (Ctrl+L on Windows, Cmd+Ctrl+Q on Mac)
• Enable device encryption — BitLocker on Windows, FileVault on Mac. If your laptop is stolen, encryption makes it extremely difficult for thieves to access your data.
• Set a strong PIN or biometric lock on your phone
• Enable "Find My Device" on both your phone and laptop so you can locate or remotely wipe them if they're lost or stolen

Bonus: Create a Simple Incident Response Plan

You don't need a 50-page document. Just answer these questions and write the answers down somewhere accessible:

1. If my email is compromised, what do I do first? (Change the password from a different device, check for forwarding rules, notify contacts)
2. If I click a suspicious link, what do I do? (Disconnect from the internet, run a malware scan, change passwords for sensitive accounts)
3. If my laptop is stolen, what do I do? (Use "Find My Device" to locate or wipe it, change passwords, notify your bank and any affected clients)
4. Who do I contact? (Your bank's fraud line, Action Fraud on 0300 123 2040, your accountant, any affected clients)

Having a plan means you'll react quickly and calmly instead of panicking.

You Don't Have to Do Everything at Once

If this all feels overwhelming, pick one item from the list and do it today. Set up a password manager. Or enable two-factor authentication on your email. Or check that your router password isn't still "admin."

Each step you take makes your business measurably safer. And the cumulative effect of all five — strong passwords, updated software, phishing awareness, data backups, and secured devices — is a business that's genuinely hard to attack.

For more technology advice aimed at sole traders, have a look at our roundup of the best free tools for small businesses in 2026.

Accounted helps UK sole traders stay on top of their bookkeeping and tax. Start your free 30-day trial at getaccounted.co.uk

---

Related reading:

• Password Managers for Business — Why You Need One
• How to Spot a Phishing Email — Protect Your Business
• How to Back Up Your Business Data (And Why Most Sole Traders Don't)

Related Reading

• How to Create Professional PDFs and Documents (Without Word)
• How to Use WhatsApp Business for Your Sole Trader Business

Start your free trial and see how Accounted simplifies your bookkeeping.