What Cyber Threats Do SMEs Face & How Can They Be Mitigated?

Unfortunately, in 2024 cyber security breaches are a fact of life for businesses. Small to medium enterprises (SMEs) can be particularly vulnerable as they have fewer IT resources and may find it more difficult to stay updated with the latest cyber security technologies than larger organisations.

According to research carried out by the government earlier this year, 70 per cent of SMEs in the UK reported cyber security breaches in the past year. The cost of each attack to businesses ranged from approximately £1,205 to £10,830. 

Here’s a look at the key threats currently facing SMEs, and how our West Yorkshire based IT solutions company can help you. 

Managing day to day risks

The government report explains that the common IT threats are not necessarily sophisticated, and can be mitigated by what is sometimes called ‘cyber hygiene’ practice. This means using the most up-to-date malware protection, network firewalls, agreed protocols for phishing emails, and restricting admin rights.

While it is possible to implement all of these measures in-house, in reality they can take up a significant amount of time that could be directed to other areas of the business, particularly if you do not have the resources for a dedicated IT technician. 

By outsourcing your IT security to a specialist service provider, you will have peace of mind that your business is monitored around the clock with the most up-to-date solutions. Here’s a look at some of the basic steps you can take in the meantime.

Provide regular cyber security training

One of the most frequent causes of cyber breaches is human error, particularly via phishing attacks and malware. However with so much information out there, it can be difficult to know where to start or what to prioritise, particularly smaller businesses who may not have any particular expertise in this area, and this can leave the business vulnerable to attacks.

One of the most common weaknesses exploited by cybercriminals is weak passwords. Simply by using an easily guessable password, and/or using the same password across multiple accounts, staff are leaving your business highly vulnerable to attacks. Astonishingly, some of the most commonly used passwords are ‘password’ and ‘123456.’ 

Strong passwords that contain at least one uppercase and one number are advised. It is not recommended to use names of family members or pets, or dates. A quick way to come up with a strong and memorable password is to join three random short words together. 

Phishing emails are another common source of IT attacks on business. This is when cybercriminals go to great lengths to create a genuine looking email with convincing details and graphics. The email tricks the employee into giving access to sensitive information, or into clicking on a link that is infected with malware.

Train employees to scrutinise all emails carefully, particularly if they contain a link or are pressuring them into quick actions or provide access to restricted data. Sometimes the email may purport to be from an established contact, as it may be sent from a hacked account. If in doubt or if any suspected breach has occurred, it should be reported straight away.

Keep all software up to date

Outdated software is a common target for hackers. All software, including operating systems, browsers, and applications should be updated as soon as the latest versions are released. This will help your business to stay protected from cyber attacks as the updates will contain security patches.

Ideally, you should set all devices to automatically update software if this is possible. However, sometimes an update can fail to take place, particularly if the device needs to be restarted or there is an open application that is preventing it from automatically rebooting. Consider using endpoint protection software for comprehensive security coverage.

Additionally, all your data should be regularly backed up to ensure business continuity in the event of a breach or cyberattack. Ideally your data should be stored both in the cloud and at a data centre, and tested regularly so that you can recover it quickly should an emergency situation occur.

Consider gaining cyber security accreditation

An accreditation such as Cyber Essentials will provide your business with a demonstrable commitment to security standards, and is a requirement if you want to work with government departments and certain other organisations. It also ensures that your business follows best practice and is compliant with the latest security standards.