
Small Business Guide To Cyber Security

Cyber security for business

When hearing about cyber attacks in the news, SMEs can often be lulled into a false sense of security, because usually it’s large organisation breaches that make headlines. However, this is not a true representation of the facts on the frontline. SMEs are in most cases more vulnerable to cyber attacks than larger organisations.

A recent survey conducted by the British Insurance Brokers’ Association (BIBA) found 96% of all cyber-attacks are directed at SMEs. This demonstrates that SMEs are not immune to cyber attacks and could be at imminent risk of one. It’s important that SME leaders consider the financial and reputational risks of not being cyber secure.

Understandably, SMEs often lack the resource and time to invest in robust cyber security measures and end-user training, which is something bad actors are all too aware of. With just 28% of small and 52% of medium businesses having invested in cyber security awareness training in the last 12 months, it’s a topic that needs addressing, fast.

Cyber security can feel like an overwhelming problem to address because it’s an ever-moving target: threats evolve and change in line with technology. It’s not a one-and-done scenario; it’s a continuous improvement cycle to stay one step ahead. Overall, it can be a resource-intensive task which keeps your employees and leadership teams away from focusing on what matters most.

However, there are basic boxes to be ticked that will guide you on your journey to becoming cyber secure. Here are our top tips for better cyber security for small businesses:

Place your Protection

It’s key that SMEs start with the basics. Think firewalls, malware protection and encryption, all with the same purpose: to protect the data, systems, and people in your organisation.

So, what is a firewall?

Network firewalls safeguard your business. They add a layer to your onion of protection against attacks and bad actors. Essentially, they block traffic to your networks and employees’ devices from sources that do not meet the security protocols you have implemented.

You should be implementing a firewall with:

  • High performance level, including HTTPS decryption and content inspection
  • Zero-day defence
  • Phishing prevention with domain name system
  • VPN and remote working capabilities 
  • Automation


Malware protection

The word malware is a combination of “malicious” and “software”. If it enters your network, it will navigate your IT systems, copy data, remove backups, and disable access to your applications. It usually finds its way into your systems via malicious email, infected websites or poorly protected remote access. Zero-day attacks that leverage an unknown vulnerability in an operating system or other software are also used as an entry point.

Malware comes in many forms. Here are three:

  1. Ransomware – a process that blocks access to your files and systems via encryption, with financial demands to restore access.
  2. Spyware – collects information and activity about users and organisations without you knowing it.
  3. Worms – a threat that spreads itself throughout the network by replicating itself.

The best way to prevent malware from entering your business’s networks or devices is via:

  • Endpoint Detection and Response (EDR) protection for all servers and endpoints.
  • Operating system patching and vulnerability management.
  • Implementing a firewall.
  • Securing access to your systems for remote workers.
  • Educating employees to ensure they know what to look out for.


End user education

In most business scenarios, less is more. But with cyber security there is always room for more: more training to educate your end users on how to spot cyber threats and suspicious activity.

It’s basic, but did you know 95% of breaches are caused by human error? It’s a quick win you can’t afford to miss.

Go back to security basics, covering training on:

Creating a strong password. Ensure your employees are using passwords that are 15 characters or more, including letters, numbers and symbols. Tell them to stop using pet or family names and to use unique passwords for each site or system. Finally, implement mandatory two-factor authentication (2FA) and multi-factor authentication (MFA), which are great ways to add another layer of protection if passwords are compromised.

Spotting phishing emails. Employees should be informed to be wary of suspicious links and attachments. If they are unsure, they shouldn’t click on them. In addition, they should always check the from address, as it’s often a tell-tale sign. They should also check the email for spelling mistakes or minor differences from known senders. Attackers will also employ a sense of urgency; employees should be aware not to act impulsively and check with IT if they are unsure. 
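The checks described above can also be run automatically on incoming mail. The following is an added example, not part of the original article: it compares the from address against a list of known sender domains, flags near-miss lookalikes, and notes urgent wording in the subject line. The domain list, urgency words and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains your business regularly receives mail from (constructed).
KNOWN_DOMAINS = {"example-supplier.co.uk", "examplebank.com"}
# Assumption: a short, illustrative list of urgency phrases.
URGENCY_WORDS = ("urgent", "immediately", "final notice", "act now")

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_email(raw):
    """Return a list of warning strings for one raw email message."""
    msg = message_from_string(raw)
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    warnings = []
    if domain not in KNOWN_DOMAINS:
        # One or two characters away from a known sender: likely a lookalike.
        near = [k for k in KNOWN_DOMAINS if 0 < edit_distance(domain, k) <= 2]
        if near:
            warnings.append(f"sender domain {domain} looks like {sorted(near)[0]}")
        else:
            warnings.append(f"sender domain {domain or '(missing)'} is not a known sender")
    subject = msg.get("Subject", "").lower()
    if any(word in subject for word in URGENCY_WORDS):
        warnings.append("subject line uses urgent language")
    return warnings

# Constructed sample messages (not real emails).
GENUINE = "From: Accounts <accounts@examplebank.com>\nSubject: Monthly statement\n\nHello"
LOOKALIKE = ("From: Accounts <accounts@examp1ebank.com>\n"
             "Subject: URGENT: verify your account\n\nHello")

if __name__ == "__main__":
    for sample in (GENUINE, LOOKALIKE):
        print(check_email(sample) or "no warnings")
```

A warning here is a prompt to check with IT, not proof of phishing: a new but legitimate sender will also show up as unknown.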

A worthwhile investment 

Finally, it’s key that SMEs don’t overlook preventative measures that can limit or stop these attacks in the first place. While there may be some cost associated with the above measures, it’s a small investment compared to the cost of a breach or attack. When attacked, SMEs can be damaged financially and reputationally. Customers can lose confidence and may be at risk themselves, should their data be recovered by attackers.

SMEs can further boost protection by becoming Cyber Essentials or Cyber Essentials Plus certified. The government-backed scheme ensures that businesses have the right protection in place. Cyber Essentials is commonly asked for from businesses working with public sector organisations and can be required to attain Cyber Insurance to cover you financially in the event of a successful attack. 

Cyber security next steps

Ready, set, secure. Get started on your cyber security journey with free resources from Sharp UK, an award-winning technology partner. Discover our free resource pack with posters, employee to-do list and a checklist. 

