SME Adviser Series: Is your business protected against cyber threats?

Cybersecurity is not only for larger businesses and public organisations. SMEs are in fact some of the most vulnerable targets for cybercrime, and therefore this topic should be at the forefront of all business leaders’ minds.

“Operating systems are more like milk than cheese – they get worse rapidly with age, not better. The WannaCry attack is a perfect example of the dangers of an out-of-date operating system. Using yesterday’s technology isn’t just inefficient; it’s a great big welcome mat, laid out to invite attackers.”  ~ Dr Mike Lloyd, RedSeal Chief Technology Officer

In 2015/16, recorded cybercrime cost the UK economy £10.9 billion, with the average cost per attack for small businesses being estimated at £3,000. What’s more, nearly half of UK businesses have reported a cyber breach or attack in the past 12 months.

But, whilst cyber attacks cost organisations like yours thousands of pounds and cause lengthy periods of disruption, new security need not be hugely expensive.

Here are some points to help SMEs safeguard against cybercrime and be prepared:

1. Change your mindset on cybersecurity. Understand the risks that a cyberattack poses for your business, then design and implement a holistic cybersecurity strategy.

2. A single mistake by an employee could put your business at risk. Educate your staff on cybersecurity and equip them to implement protective measures daily, such as installing relevant software and app updates, backing up important data, being aware of phishing, and setting (and securing) strong passwords. Train them to protect themselves and your business from a cyberattack.

3. IT and cybersecurity are not one and should not be considered as such. You cannot ask your IT team to test their own systems. SME leaders must implement stringent governance structures to ensure that the two functions (on-site IT and on/off-site cybersecurity) are managed independently and undergo stringent and continuous reviews.

4. Around the clock monitoring. Invest in technology that allows for 24/7 monitoring of your systems. Ensure that any potential vulnerabilities are readily identified and resolved – and be prepared to respond to attacks immediately to minimise and contain any damage.

5. An attack could put off your customers and damage your hard-earned reputation. Show them and your stakeholders that you take this issue seriously!

To assess how cyber secure your SME business is, you can start by completing the UK Government’s cyber-essential quick self-assessment questionnaire, which may help to give you some context.

IT security is a collective responsibility and it is essential that SMEs take the necessary steps to protect against cyber attacks.

If you have any concerns relating to this matter, we are able to put you in touch with companies within our extensive network of contacts who will be able to assist. It’s part of our commitment to supporting SME businesses by providing holistic business advisory services.

For further information, please contact Gareth Dalton or your usual Beavis Morgan Partner or email