5 ways SMEs can mitigate cyber security risks

875,000 SMEs across the UK have been affected by a cyber attack over the past 12 months, according to data compiled by Zurich.

Of businesses that were affected by a cyber attack, more than a fifth (21%) reported that it cost them more than £10,000 and one in ten (11%) said that it cost more than £50,000.

Yet, despite the volume of attacks and potential losses, nearly half (49%) of SMEs plan to spend less than £1,000 on cyber security in the next 12 months, leaving them vulnerable to substantial losses.

Don’t take the risk of remaining vulnerable. Here are five steps you can take to shield your small business from cyber attacks.

1) Train staff

The majority of cyber attacks take the form of phishing and spear phishing, where cyber criminals target individuals rather than computer systems.

To this end, training employees in basic security practices – such as how to recognise potential threats and what precautions to take – is a must.

Cyber security is everyone’s responsibility, and research shows that traditional cyber security awareness measures can be greatly enhanced by implementing a security programme that creates a total culture change and tackles employee behaviours.

2) Secure wireless networks

Wireless networks can be easily exploited by cyber attackers.

To prevent this, avoid WEP encryption (which can be cracked in minutes) and use only WPA2, which uses AES-based encryption and provides better security than WPA.

For further protection against brute-force attacks, protect your network with a complex passphrase containing at least 25 characters and including a mix of letters (upper and lower case), numerals and symbols.

Wireless network penetration tests can help you spot the cracks in your network.
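The two checks described in this step can be scripted. The following is an added example, not part of the original article: it flags networks in a Wi-Fi scan that are not WPA2-only and tests a passphrase against the 25-character mixed-character rule above. It assumes the scan comes from NetworkManager's `nmcli -t -f SSID,SECURITY device wifi list`; the sample scan, network names and function names are constructed for illustration.

```python
import string

# Constructed sample of `nmcli -t -f SSID,SECURITY device wifi list` output.
# Terse mode separates fields with ':' and escapes literal colons as '\:'.
SAMPLE_SCAN = """\
Office-Main:WPA2
Office-Guest:WPA1 WPA2
Warehouse\\:Scanner:WEP
Reception-Kiosk:
"""

def audit_scan(terse_output):
    """Return {ssid: finding} for every network that is not WPA2-only."""
    findings = {}
    for line in terse_output.splitlines():
        if ":" not in line:
            continue  # blank or malformed line
        # The SECURITY field never contains ':', so split on the last colon.
        ssid, _, security = line.rpartition(":")
        ssid = ssid.replace("\\:", ":")
        modes = set(security.split()) - {"--"}
        if not modes:
            findings[ssid] = "open network, no encryption"
        elif "WEP" in modes:
            findings[ssid] = "WEP in use, replace with WPA2"
        elif "WPA1" in modes:
            findings[ssid] = "WPA still accepted, restrict to WPA2"
    return findings

def passphrase_gaps(passphrase, min_length=25):
    """List the requirements from this step that the passphrase fails."""
    checks = {
        f"at least {min_length} characters": len(passphrase) >= min_length,
        "an upper-case letter": any(c.isupper() for c in passphrase),
        "a lower-case letter": any(c.islower() for c in passphrase),
        "a numeral": any(c.isdigit() for c in passphrase),
        "a symbol": any(c in string.punctuation for c in passphrase),
    }
    return [need for need, ok in checks.items() if not ok]

if __name__ == "__main__":
    for ssid, finding in audit_scan(SAMPLE_SCAN).items():
        print(f"{ssid}: {finding}")
    # Constructed passphrases, for demonstration only.
    print(passphrase_gaps("correcthorsebattery"))
    print(passphrase_gaps("Violet-Kettle7!Marsh_Lantern42"))
```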

3) Keep software updated

Up-to-date software will help you guard against the latest threats and keep your infrastructure secure.

Pay attention to any notifications about updates to your operating systems or antivirus software. Ignoring them can leave cracks in your defences.

4) Control access

Administrative access to your systems should only be granted on a need-to-know basis. Keep sensitive data – such as payroll – out of the hands of anyone who doesn’t need it to do their job.

5) Back up data

Small businesses can lose data as well as money in a cyber attack. Conducting regular backups will make sure you can still access your data in the event of a breach or other incident.

Backup services such as Dropbox offer a cost-effective solution, with plans starting from as little as £10 a month.

ISO 27001 and cyber resilience solutions 

The only comprehensive solution to the growing threat of cyber attacks is to implement a robust approach that tackles all aspects of information security throughout the organisation.

ISO 27001 provides a proven framework that helps organisations protect their information through effective technology, auditing and testing, organisational processes and staff awareness programmes.

Nearly 30,000 companies have already taken the step to achieve certification to the Standard, enabling them to reap the benefits of an independently audited security posture.


Be better prepared for a cyber attack with proven solutions from the team that led the world’s first successful ISO 27001 implementation.

Learn how ISO 27001 can help you secure your business from a cyber attack with the most comprehensive ISO 27001 implementation training available in the UK.