
Common Small Business Cybersecurity Mistakes

As cybercriminals set their sights on smaller businesses, we look at the most common cybersecurity mistakes – and how to avoid them.


What is cybersecurity?

Think of cybersecurity as locking the digital doors to your business – shielding your digital infrastructure, networks, and data from cybercriminals eager to get their hands on your sensitive information.

If you’re a small to medium-sized enterprise (SME), you might think you don’t need to worry. But cybercriminals are increasingly eyeing up SMEs as a perceived softer target.

Almost half (43%) of cyberattacks are now aimed at small businesses, but only 14% of SMEs think they’re properly prepared. And human error is a big factor – 52% of breaches were caused by someone’s cybersecurity mistake.

But it’s easily done. Sophisticated cybercriminals are masters at hiding their tracks.
The upside is it’s also easy to learn from mistakes.

Common cybersecurity mistakes and how to combat them


  • Sharing passwords
While password sharing is often limited to accessing licensed business software applications, it's a serious cybersecurity mistake that can spell trouble. At best, you may be giving someone unauthorised access to applications. At worst, it could lead to data breaches and identity theft.

  • Weak passwords
Cyber incidents often result from weak, easily guessable, reused, or sequential passwords. Protect yourself against both common cybersecurity mistakes by using strong, unique passwords for each account. Boost your defences with a password manager and two-factor authentication (2FA) wherever possible.

  • Clicking suspicious links and email attachments
Cybercriminals love banking on people's busy schedules and hasty clicking habits. But this gives malware and phishing attacks the green light. Stay vigilant. Hover over links to inspect the URL and verify the sender before opening attachments. And keep your computer or mobile device safe by downloading the latest antivirus software.

  • Sharing data
Sharing sensitive info without proper encryption exposes you to leaks and privacy breaches. Only share materials with people you trust, and encrypt files and sensitive emails for extra protection.

  • Using work devices for personal use
Mixing work and personal activities on one device might seem convenient, but you run the risk of malware – and breaking company policy. Keep work and personal use separate, avoid downloads from unknown sources, and stick to workplace IT guidelines. If you really need to use your work device for personal matters, secure your connection with a Virtual Private Network (VPN).

  • Out-of-date software or apps
Cybercriminals are constantly upping their game, releasing new malware daily. Not all software systems automatically hunt for new versions, so look out for updates and security patches to plug any vulnerable gaps.

  • Lack of training
If your people are unsure what to look for, and what to do if they spot suspicious activity, you’re leaving yourself wide open. Carry out regular training sessions on spotting attacks like phishing, email hacking and malware, and link the training to your business for maximum engagement.

  • No back-ups
A cyberattack can corrupt your data or cause you to lose it. In a best-case scenario, it can take time to get back up and running, but losing your data permanently can spell disaster for a small business. Run regular back-ups and store them securely off-site.

  • Not having a plan
Acting fast is crucial to minimise the fallout from a cyberattack, but if no one’s sure what steps to take or who’s doing what, the damage could be devastating. A cybersecurity plan is your roadmap. Outline the steps you’ll take to protect yourself, including individual responsibilities, and make sure people can access it in an emergency.

The bottom line is that preventing cybersecurity mistakes is a good investment. The global average cost of a data breach in 2023 is estimated at USD 4.45 million, with each compromised record setting you back $164. But that’s not all. Alongside any legal and financial hit, you could lose your reputation, trust, and future revenue as your clients and partners go somewhere safer, leaving you in a precarious spot.

To find out more about cybersecurity, speak to one of our V-Hub Digital Advisers today. 
