According to the National Cyber Security Centre (NCSC), SMEs face a 1 in 2 chance of experiencing a security breach.

So, what can SMEs do to reduce the risk of becoming victims of a cyber-attack and prevent unauthorised access to the personal information they store online and access via digital devices?

It stands to reason that the better controlled and monitored the IT infrastructure is, the less likely the business is to become a victim of cyber crime.

Top Tips from the NCSC

1. Back up your data
Back up your data and keep the back-up on a separate server, USB device or ideally in the cloud, which means it is stored in a completely separate location. Ransomware and other malware can automatically move to connected storage, and so keeping your back-up disconnected from your main server will help preserve its integrity. Make backing up your data part of your everyday business routine and ensure you limit access to the back-up data.

2. Protect your business from malware and malicious software
Use antivirus software on all PCs, laptops, smartphones and tablets. Ensure staff do not download third-party apps from unknown vendors or sources.

3. Use ‘patching’ to keep all your IT equipment up-to-date
Make sure that the software and firmware on all your IT equipment are always kept up-to-date with the latest versions from software developers, hardware suppliers and vendors. Applying these updates is called ‘patching’ and is vital to improving security.
 
4. Control how USB drives and memory cards can be used
To prevent your company from being exposed to unnecessary risks, implement a policy on USB drives and memory cards, which can easily be infected with viruses and other malware. Provide staff with alternative ways to share files, and only allow approved USB drives and memory cards to be used within the business and not externally. You may wish to consider blocking physical access to ports for most users.

5. Activate your firewall
Most operating systems come with a built-in firewall, which works as a buffer between your network and other networks like the internet.


The impact of any cyber attack is still greatly influenced by human error, so it is crucial to educate your staff. Run regular in-house awareness campaigns to ensure everyone is aware of the latest cyber threats and what to look out for. This will also help keep the whole organisation alert and joined up in a bid to beat cyber criminals.
