Like any other form of crime, when it comes to cybercrime, there’s always the temptation to take the view that “it would never happen to us”. However given that, every single day, more than 65,000 attempts are made to hack an SME in the UK, the risk of cybercrime is real for UK businesses – no matter their size, or their position in the market.

In this article, we outline some of the key points SMEs in the UK should think about around IT security. While most businesses would take at least some precautions, it’s nonetheless worth taking a more structured approach to IT security – even if your business is not enterprise-scale.

The Risks of Ignoring Cybersecurity Threats

Before we look into some of the measures an SME can take to protect itself against cybersecurity threats, let’s first take a look at the risks of not taking those steps. While many businesses may think that they are not a target of cybercriminals the simple fact of the matter is that the automated nature of today’s cyber threat means that everyone is a target. Here is a brief summary of some of the threats your business is exposed to:

• Ransomware. Perhaps one of the most pernicious of attacks, ransomware is where an attacker encrypts your data or blocks your access to your data and demands payment for its release. The risk is, of course, that your data is not released even if you make a large payment.
• Phishing. Increasingly sophisticated, these attacks rely on fake emails and other attempts to try and build trust and thereby gain your confidential data, including passwords to key accounts such as your cloud services or even financial services.
• Malware. While one of the oldest attack vectors, malware can still cause significant problems for small businesses by disrupting hardware and services, requiring costly fixes, and frustrating customers and staff members with service downtime. Modern cyber security solutions often protect against malware – but it is still a risk.

These threats may seem manageable, but in reality, a single attack can be catastrophic for a business – particularly where intellectual property is lost. Today’s tougher compliance environment also means that the legal and reputational fallout of an attack can essentially close a business.

5 Tips for Managing SME Cybersecurity

In other words, misreading the cybersecurity environment can be incredibly costly for your business. In this section, we’ll give you a few key pointers that can help your business keep ahead of today’s cybersecurity risks.

• Keep an eye on good practice

  

  With the cybersecurity threat constantly shifting, security good practice also shifts. While it is a bit of a moving target there is nonetheless enough time to catch up. For example, phishing is a clear danger and it is worth ensuring that your colleagues are thoroughly educated about what to watch out for when it comes to phishing attacks.

  The same goes for password security. Complex passwords are a must, and it is always a good idea to opt into multi-factor authentication if your providers offer it. It’s also worth ensuring that you apply the lowest level of privileges to every account to ensure that where an intrusion occurs the potential for harm is limited. Your IT support partner can help you set this up.

• Design a robust backup strategy

  

  Most businesses now rely on cloud vendors for their technology requirements which means that physical device failure, the usual driver behind backing up, is less of an issue than it was. However, backups still matter – due to ransomware. Today’s ransomware can lock a business out of its cloud accounts which means the data hosted there can also be lost.

  Backups will help your business recover from a ransomware attack – again, paying the ransom does not guarantee that your data will be returned to you. Your backups will also be invaluable if your cloud provider experiences problems – or if user error has led to data loss.

• Partner with an IT support company

  

  Today’s cybersecurity environment is so complex that effectively mitigating every threat on the landscape is incredibly difficult – even if your business has employees with IT skills. Your IT support partner can help you to improve your existing cybersecurity regime and ensure you have the best cyber security solutions in place.

  Your technology partner will also help you to adapt to new and emerging threats. Where zero-day threats emerge, your partner should reach out and help your company to quickly set up protective measures that ensure even the latest cybersecurity threats are mitigated.

• Update and patch your devices and software

  

  It’s incredibly common for cybersecurity breaches to come down to a lack of patching. In other words, oftentimes companies are hacked simply because they neglected to apply a security fix that was available to the public. In fact, a 2018 survey found that 57% of respondents said that a security breach could have been prevented if only a patch was installed.

  Patching is hard work – but it is without a doubt one of the most effective ways you can protect your business against cybersecurity threats. Catalogue your devices and software solutions and ensure that you monitor for patches – or activate automatic updates.

• Plan for continuity and disruption

  

  Even with the best cyber security solutions in place, your business may still find that it is hacked. It is virtually impossible to truly and comprehensively guard against every single risk out there. That’s why business continuity planning matters so much.

  Your business continuity plan can help your company get back on its feet when critical resources are disrupted. The faster and more capably your business responds to an intrusion, the lower the likelihood of lasting damage to your operations and your bottom line.

  Taken together, awareness and the good practice steps outlined above will help your business guard against cyberattacks – and enable it to minimize harm should the worst happen. As always, it’s a good idea to reach out to your IT partner to ensure your protection is in tip-top shape.