Reports into the uptake of cybersecurity measures and cyber and cyber insurance solutions in the UK often zero in on how small and medium-sized enterprises (SMEs) are faring in an uncertain cyber market. This is of little surprise given that SMEs form the backbone of the UK’s business population - making up 99.9% of its six million-strong private sector operations and employing 60% of the overall workforce, according to data from the Federation of Small Businesses (FSB).
SMEs have been under significant pressure since the COVID-19 crisis began, as an increasing number of cyber criminals have sought to infiltrate their digital vulnerabilities. Recent research from the advisory firm Software Advice revealed that 62% of UK businesses with less than 250 employees have seen a spike in cyberattacks in the past two years, with 12% saying the increase was significant. Even more concerning is that very few companies are actively working to mitigate these attacks.
The study found that 48% of these businesses admitted that their employees had not received any kind of cybersecurity training in the last two years and almost a third of those surveyed stated their organisation did not have an internal cybersecurity programme. Meanwhile, only about 50% said they have a formal cybersecurity incident response plan in place.
So, how can small businesses protect against cyberattacks? There are several practical, simple and low-cost steps businesses can take to offset their cyber exposure according to a guide released by the National Cyber Security Centre (NCSC).
1. Conduct regular data back-ups - Businesses handle massive amounts of data which is critical to their continued operations. As a result, the NCSC advises enterprises to implement regular data back-ups.
2. Protect the business from malware - A malware infection can be extremely damaging to a business’s operation, but can be easily prevented by following the right protocol.
3. Keep mobile devices safe – Mobile devices are now an essential part of modern businesses and store significant information. Therefore, businesses should take all necessary steps to protect this information, particularly when these devices leave the safety of the office.
4. Use passwords to protect data – All personal hardware contains a lot of business-critical data and businesses must work to protect this data from unauthorised users. When implemented correctly, passwords are a free, accessible and effective way to prevent unauthorised users from accessing your devices.
5. Avoid phishing attacks – Phishing attempts are one of the most common cybersecurity challenges. Businesses are advised to take all necessary precautions to stay up to date with phishing trends and stay one step ahead of hackers.
