Top cyber security tips for SMEs


Cyber crime is on the rise across the world and small businesses are still highly vulnerable to attack. Though this may seem like small fry among everything that start-up owners need to keep track of day to day, cyber crime costs millions across every industry in the UK each year.

For SMEs who handle customer data, such as payment and contact details or addresses, the cost of vulnerable data could be seriously damaging to the health and future of your business. Hiscox estimate that the average cost to SMEs of cyber crime is £25,736 a year and the average fine handed out by the Information Commissioner’s Office (ICO) last year was £146,000.

While cyber crime may not be completely avoidable in today’s world, doing your best to prevent it happening in the first place can not only keep your business afloat but ensure that your customers keep their trust in you and encourage their retention.

The most common reason for data breaches

Even with basic cyber security procedures in place, most SMEs are still vulnerable to the most common security issue. Over 90% of cyber-related incidents are actually caused by user interaction. This means that, even with the most comprehensive cyber security regulations in place, if your staff aren’t operating with awareness, your business is still at high risk.

Ensuring that your staff know how to spot common problems like phishing emails is one of the safest things you can do for your business. Common grammar mistakes, discrepancies in the sender’s email address and requests to give away sensitive data by email are all signs of phishing. Paying for basic cyber security training may seem like an unattractive cost for a small business but is much preferable to massive fines from the ICO which could send you under.
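The sketch below is an added example, not part of the original article. It checks one email for two of the signs listed above: a sender address that does not match the name it claims, and a request for sensitive data. Grammar mistakes are left to the reader. The organisation name, domain, phrase list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (hypothetical): your organisation's name and mail domain.
TRUSTED_NAME = "example sme"
TRUSTED_DOMAIN = "example-sme.co.uk"
# Assumption: illustrative phrases that ask for sensitive data.
SENSITIVE_PHRASES = ("password", "card number", "bank details")

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def phishing_signs(raw_message):
    """Return the warning signs found in one raw email, in check order."""
    msg = message_from_string(raw_message)
    signs = []
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    # Display name claims to be us, but the address is on another domain.
    if TRUSTED_NAME in display_name.lower() and from_domain != TRUSTED_DOMAIN:
        signs.append("sender_mismatch")
    # Replies would be sent to a different domain than the sender's.
    if reply_domain and reply_domain != from_domain:
        signs.append("reply_to_mismatch")
    # Plain-text body asks for data that should never be sent by email.
    body = " ".join(
        part.get_payload() for part in msg.walk()
        if not part.is_multipart() and part.get_content_type() == "text/plain"
    ).lower()
    if any(phrase in body for phrase in SENSITIVE_PHRASES):
        signs.append("asks_for_sensitive_data")
    return signs

# Constructed sample messages (not real traffic).
SUSPICIOUS = """\
From: "Example SME Accounts" <accounts@examp1e-sme-billing.test>
Reply-To: payments@collect-invoices.test
Subject: Urgent: acount suspended

Dear costumer, please reply with your password and card number today.
"""
BENIGN = """\
From: "Example SME Accounts" <accounts@example-sme.co.uk>
Subject: March invoice

Your invoice is attached.
"""

if __name__ == "__main__":
    print(phishing_signs(SUSPICIOUS))
    print(phishing_signs(BENIGN))
```

A check like this only flags messages for a closer look; staff awareness remains the control the article is describing.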


Thanks to the new GDPR, responsibility is now on companies to pre-emptively tackle data breaches. The largest fines equate to 2% of the previous year’s turnover or 2 million, or 4% or 4 million, depending on the severity of the breach; in each case, whichever value is higher applies.

Cyber security measures will help you handle your clients’ data with extreme care and help you be prepared should a breach actually happen. 37% of SMEs don’t have a cyber security plan and 40% wouldn’t know who to contact in the event of a crime. Making sure you have both of these things covered can not only help your business survive but actually increase your trust value with customers and stakeholders.

For small businesses operating as part of a supply chain, your suppliers might actually require that you practise a high level of cyber security. Putting cyber security best practice in place before you approach bigger businesses can give you a competitive edge in bids.

Keeping systems updated

While hackers are becoming more sophisticated every day, they’re still most likely to take the easiest route they can. If they identify vulnerabilities in older versions of desktop or app software, your data and your clients’ data can be compromised. Software developers regularly release patch updates when they identify issues with the software’s operations, which can include security risks.

This most famously resulted in the NHS being hit by the WannaCry ransomware in 2018, which cost them thousands of pounds and meant appointments across the UK were cancelled until the data held to ransom could be retrieved. The NHS was so vulnerable because many of their computers were still running on Windows 2007, which was no longer receiving security updates.

The Internet of Things

IoT is the interconnectivity between devices we use, such as smart heaters you can operate through your phone or cloud-based data storage across your computer, phone and smartwatch. These devices are often vulnerable because only 40% of data on the cloud is access encrypted and most IoT device owners don’t change their default password. In addition to this, 58% of businesses say they wouldn’t even know if their IoT devices had been breached.

If your business operates on any kind of interconnected network of devices, cyber criminals could take advantage of this to break in, spread across the network and steal your information. Protecting your cloud-based data behind security software and password authentication is a simple step all SME owners can take to stay ahead of the hackers.

Cyber security consultants

In small businesses, margins can be tight so employing temporary consultants may feel like an improper use of your money. However, given that GDPR requires you to report a data breach to your customers within 72 hours, a chink in your armour could cost your business hugely, both in lost revenue and in reputation as consumers become more data savvy.

Having a professional take a look at your security system can help you identify issues you didn’t even know you have. Penetration testers are ‘ethical hackers’ who think like the criminals to attempt to penetrate your defences and identify weak spots for you to change. Running tests like this even once can help fortify your defences and can be a one-off cost which keeps the ICO from your door.

This article was written by Damon Culbert from Cyber Security Professionals, a specialist IT security jobsite worldwide.