Small and medium-sized enterprises (SMEs) form the backbone of the UK’s business population, making up 99.9% of its six million-strong private sector operations and employing 60% of the overall workforce, according to data from the Federation of Small Businesses (FSB).
This backbone, however, has been facing tremendous pressure since the pandemic began, with a rising number of cybercriminals pouncing on their digital vulnerabilities, new research from Software Advice has revealed.
The Surrey-based software solutions provider interviewed 500 owners and managers of UK businesses with at most 250 employees and found that 62% of respondents have seen a spike in cyberattacks in the past two years, with 12% saying the increase was significant.
But what’s even more concerning is what the researchers discovered these companies were doing – or not doing – to mitigate such attacks.
According to the study, 48% of respondents said their employees had not received any form of cybersecurity training in the last two years, while 32% admitted they did not have a cybersecurity programme within their organisation. Only half of those interviewed said they have a formal cybersecurity incident response plan in place.
Cost was the biggest issue hampering cybersecurity efforts, with 38% of business owners saying they did not have the financial means to address cyber risks. This was followed by a lack of skilled IT personnel, which a third of the respondents cited as a major hurdle.
“As many small businesses don’t have the resources to invest in cybersecurity, they become an easy target for a cyberattack,” Sukanya Awasthi, content analyst at Software Advice, told cyber risk and privacy management solutions provider IT Governance. “Additionally, as technology evolves and hackers develop new ways to infiltrate into company systems, small businesses are the most at threat.”
She added that while cybercriminals have been willing to invest in new tools, contrastingly, many small businesses have shown reluctance. Awasthi pointed out that cybersecurity measures do not always require huge funds and can be done through proper training and effective management.
To help small businesses address the growing threat of cyberattacks, the National Cyber Security Centre (NCSC) has released a guide outlining ways how they can improve cybersecurity “quickly, easily, and at low cost.”
Here are five simple steps businesses can follow that “can significantly reduce the chances of [their] businesses becoming a victim of cybercrime,” according to the NCSC’s guide.
Businesses handle massive amounts of critical data, ranging from customer information and orders to quotes and payment details – and without them, it would be very difficult for companies to operate. For this reason, the NCSC advises enterprises to implement regular data back-ups.
“All businesses, regardless of size, should take regular backups of their important data, and make sure that these back-ups are recent and can be restored,” the agency wrote in its guide. “By doing this, you’re ensuring your business can still function following the impact of flood, fire, physical damage, or theft. Furthermore, if you have back-ups of your data that you can quickly recover, you can’t be blackmailed by ransomware attacks.”
These are some factors businesses need to consider when backing up their data, according to the group:
A malware infection can be extremely damaging to a business’ operation, but the NCSC says it can easily be prevented. The agency shares these five “easy-to-implement” tips that can help organisations from falling victim to malware:
“Mobile technology is now an essential part of modern business, with more of our data being stored on tablets and smartphones,” NCSC wrote. “What’s more, these devices are now as powerful as traditional computers, and because they often leave the safety of the office (and home), they need even more protection than 'desktop' equipment.”
To keep mobile devices safe and the data they contain secure, the agency laid down these five tips for businesses:
Laptops, computers, tablets, and smartphones contain a lot of business-critical data, including the personal information of customers and online accounts that the business accesses. Because of this, businesses must protect this data from unauthorised users. According to NCSC, passwords, when implemented correctly, are “a free, easy, and effective way to prevent unauthorised users accessing your devices.”
Here are some password best practices that businesses should follow, according to the agency’s guide:
Phishing attacks have become one of the most common cybersecurity challenges businesses face and with cybercriminals becoming more creative with their tactics, these kinds of attacks have become harder to spot.
“Whatever your business, however big or small it is, you will receive phishing attacks at some point,” NCSC warns. Here are some measures the agency says businesses can take to minimise the impact of a phishing scam: