7 steps to become a cybersecure SME

Our 7 tips to make your small business more cybersecure

It won’t shock you to know that ‘123456’ consistently ranks as the most common – and therefore most easily guessable – digital password. It may be more surprising to discover that small businesses across the UK face upwards of 10,000 cyber-attacks every day, and that only a third have even the most basic cybersecurity measures in place to protect them.
 
The belief that no one will hack your business because it’s not big enough could not be further from the truth -   in 2019 alone, 43% of cyber-attacks involved small business victims – I dread to think of where that figure stands today.
 
Insecure passwords are just one of a range of potential exploits that can be targeted by hackers and fraudsters to bring down a small business. A recent Vodafone SME cybersecurity report found that almost a quarter could not continue to operate following a successful cyber-attack, which carry an average cost of over £3,000.
 
With World Password Day just around the corner (5^th May), now is a great time to review the protections you do have in place for your small business, and to take steps towards building a more robust SME cybersecurity strategy.
 

1. Understand the threats 

They say knowledge is power, and it’s certainly the first line of defence when it comes to protecting your small business. While the world of malware, phishing and distributed denial of service attacks might seem intimidating and complex on the surface, the good news is that cybersecurity risks can be simple to understand if you know where to look. The UK National Cyber Security Centre (NCSC) is also a great place to learn more about how cyber attacks work, and you can download the Vodafone cybersecurity myth-buster to tackle common misconceptions about digital safety for small businesses.
 

2. Sharpen your skills 

When it comes to being a cybersecure SME, having the right skills is just as important as having the right tools. We know from more than 130,000 businesses who accessed Vodafone V-Hub support over the past 12 months that cybersecurity is one of the most in-demand areas for upskilling, and often it’s about making the most of technologies that you might have purchased but not yet activated.
 

3. Train your team

 Cybersecurity is everyone’s responsibility, but it’s your responsibility as a business owner to make sure all team members are trained to identify risks and mitigate them. Human error is thought to be the leading cause of data breaches – it only takes one lost device or malicious link clicked to threaten the whole business. Ensuring all team members are clued up on cybersecurity is even more critical in the new digital-first work environment, too – our research found that 4 in 10 UK SMEs had experienced a cyberattack at the height of the Covid-19 pandemic, with 2 in 10 having experienced six attacks or more in that time.
 

4. Update systems regularly 

Installing software updates can be time-consuming, but it’s certainly time well spent. Outdated apps and operating systems often have vulnerabilities that are well-known to cybercriminals and exploiting them can compromise your network. It’s not just security patches for employee devices, either – ensure your Wi-Fi router’s firmware is updated, otherwise you run the risk of providing backdoor access to internal systems for hackers and fraudsters.
 

5. Shore up your defences 

The UK has a fantastic cybersecurity industry, but our business.connected research revealed that UK SMEs aren’t always making the most of it – two-thirds don’t have even basic cybersecurity protections in place, such as antivirus software or two-factor authentication. It’s why Vodafone partnered with Cisco when designing the Complete Connectivity broadband solution. Broadband is the lifeblood of the modern small business, and with advanced security features from Cisco built-in as standard, including Advanced Malware Protection and Intrusion Prevention, you’ve got everything you need to stay connected, secure and in control.
 

6. Backup your data 

The target of most cyberattacks is data, either that of the business or that of your customers. Data is a critical commodity for small businesses to protect – how could any SME operate without access to customer contact details, order and invoice histories and payment information? It’s also why ransomware attacks, which encrypt data until ransom demands are paid, are becoming increasingly common. While backing up your data won’t make you less susceptible to ransomware, regular backups do limit the damage that such an attack can cause. A combination of cloud storage and hard drive backups mean you’re always in a position to recover critical business data wherever you’re working from.
 

7. Prepare for the worst

While a solid cybersecurity strategy will drastically reduce the chances of your small business falling victim to an attack, you still need to prepare in case cybercriminals do gain access to sensitive data. Any data breach needs a swift, robust incident response plan and an incident response team to implement it. Ensure you know what data your business collects, how it is stored and what your legal obligations are in the event of a breach, both to your customers and to the authorities. With the right tools in place, a breach may never happen – but it’s always better to have a plan and not need it, rather than the other way around. 

If you’re looking for further support and guidance on how you can manage cybersecurity threats, build an incident response plan and prepare your team, take a look at V-Hub by Vodafone which provides resources and best practice guidance on managing cybersecurity risks, as well as access to free one-to-one support from a team of expert advisers.

Andrew Stevens

Andrew Stevens is Head of UK Small & Medium Business at Vodafone, and leads a team providing insight, expertise, and SME-focused tech solutions for the UK’s growing network of small and medium businesses.