5 Cyber Security Mistakes Every SME Makes (And How to Fix Them)

Cyber Security Clinic | 2025-01-10 | 5 min read

The Reality for Small Businesses

Cyber attacks aren't just a big business problem. In fact, 43% of all cyber attacks target small businesses, often because they're seen as easier targets with fewer defences.

After working with hundreds of SMEs across the UK, we've identified the five most common security mistakes that leave businesses vulnerable.

1. Weak or Reused Passwords

The Problem: Using simple passwords like "Company123" or reusing the same password across multiple accounts.

The Fix: Implement a password manager and enforce strong, unique passwords for every account. Consider passkeys where available.

2. No Multi-Factor Authentication (MFA)

The Problem: Relying solely on passwords to protect accounts, especially email and cloud services.

The Fix: Enable MFA on all business accounts, starting with email, Microsoft 365, and banking. It blocks 99.9% of automated attacks.

3. Outdated Software

The Problem: Ignoring update notifications and running old versions of Windows, browsers, or business software.

The Fix: Enable automatic updates wherever possible. Schedule a monthly check for any systems that need manual updates.

4. No Backup Strategy

The Problem: Either no backups at all, or backups that haven't been tested and might not work when needed.

The Fix: Follow the 3-2-1 rule: 3 copies of data, on 2 different media types, with 1 stored offsite (cloud counts).
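
One way to check both halves of this advice at once, as an added example that is not part of the original post: the script audits a backup inventory against the 3-2-1 rule and only counts a backup if a test restore matches the live data by SHA-256. The names (BackupCopy, audit_321), the sample inventory, and the choice to count the live data as the first of the three copies are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass
class BackupCopy:
    name: str
    media: str                 # e.g. "nas", "usb", "cloud"
    offsite: bool
    restored: Optional[bytes]  # bytes read back by a test restore; None = never tested

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def audit_321(live: bytes, live_media: str, backups: list) -> list:
    """Return findings; an empty list means the backup set passes."""
    want = digest(live)
    findings, verified = [], []
    for b in backups:
        if b.restored is None:
            findings.append(f"{b.name}: never restore-tested")
        elif digest(b.restored) != want:
            findings.append(f"{b.name}: test restore does not match live data")
        else:
            verified.append(b)
    # Assumption: the live data is copy 1, and only verified backups count.
    if 1 + len(verified) < 3:
        findings.append(f"only {1 + len(verified)} usable copies, need 3")
    if len({live_media} | {b.media for b in verified}) < 2:
        findings.append("fewer than 2 media types")
    if not any(b.offsite for b in verified):
        findings.append("no verified offsite copy")
    return findings

# Constructed sample data: one good backup, one untested, one corrupted.
LIVE = b"customer ledger 2025 (constructed sample)"
WEAK = [
    BackupCopy("office-nas", "nas", False, LIVE),
    BackupCopy("cloud-sync", "cloud", True, None),
    BackupCopy("usb-drive", "usb", False, LIVE[:10]),
]
FIXED = [
    BackupCopy("office-nas", "nas", False, LIVE),
    BackupCopy("cloud-sync", "cloud", True, LIVE),
]

if __name__ == "__main__":
    for line in audit_321(LIVE, "disk", WEAK):
        print("FAIL", line)
    print("fixed set findings:", audit_321(LIVE, "disk", FIXED))
```

The first inventory looks like three backups on paper but fails, because the untested cloud copy and the corrupted USB copy do not count towards the rule.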

5. Untrained Staff

The Problem: Employees who can't recognise phishing emails or understand basic security practices.

The Fix: Regular, short awareness sessions. Even 15 minutes quarterly makes a significant difference.

Getting Started

You don't need to fix everything at once. Start with MFA on your email accounts this week, then work through the list. If you need help prioritising or implementing these changes, book a free call with us.
