Contact Us
Contact Us
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

A Guide To SME Cyber Security

Defendza, a cyber security firm specialising in cyber security consulting and managed services, offers a five-point quick help cheat sheet that would help SME’s tackle the most common cyber-attacks. 

Read more
Get a FREE 30 min consultation

Are you happy for Defendza to keep you informed on the latest developments in cyber security (attack reports, guidance, DIY articles)? Of course you can unsubscribe at any time. Please see our privacy policy

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Why Do Small Businesses Need Cyber Security?

Business meetings hardly run without thoughts around this subject, and that’s rightly so when you could see the downfall of your business operations within a matter of hours.

Ineffective Internet security in small businesses can have disastrous effects.

A lack of oversight leaves organizations wide open to cyber-attacks, that means data breaches, supply chain cyberattacks or just network-wide undetected compromise for months. From essential office equipment such as printers, scanners to mobile devices and laptops, nothing is immune to cyber-attacks. With the increasing connectivity with Internet of Things and similar technological advances, cybersecurity is adding a complex challenge for safer lives ahead.

Cybersecurity for small businesses can sometimes get overlooked. The importance of cybersecurity solutions today has never been more vital to the long term success of your business. If you have an SME, you need a cyber strategy along with a dedicated solution and secure plan of action going forward.

Cisco Cyber Security Special Report 2018 flagged up the main points:

  • 53% of SMEs experienced a breach
  • up to 5000 average number of security alerts
  • SMEs investigate 55% of security alerts

New statistics from government show over four in ten of all UK businesses and two in ten charities suffered a cyber breach or attack in the past 12 months. When it comes to smaller firms, around 42% identified at least one breach or attack in the past 12 months, that could impact profits and reduce reputational trust.

Majority of these attacks originate using a very common attack known as phishing. These consisted of fraudulent emails from cybercriminals impersonating an organisation that attempt to prompt staff into revealing sensitive information. This information could be passwords, financial information or to run malicious files as attachments.

Small businesses can raise their basic defences and making it difficult for attackers by enrolling to Cyber Essentials initiative and following the regular cyber hygiene practices. UK government along with industry support launched this scheme with the goal of helping organisations protect themselves against common cyber-attacks. Basic level ‘Cyber Essentials’ involves completing a self-assessment questionnaire that are reviewed by an external certifying body before awarding the certification. Second level certification is known as ‘Cyber Essentials Plus’ involves tests of the organisation’s systems that are carried out by the external certifying body.

There is no absolute failsafe.  If anyone says there is, they don’t understand risk management. But Defendza’s offering to SMEs is aligned with government-backed, industry-supported Cyber Essentials, giving you absolute confidence that we’re 100% committed to your security.

5 Cyber Security Suggestions For SMEs

Defendza, a cybersecurity firm specialising in cybersecurity consulting and training matters, offers a five-point quick help cheat sheet that would help SME’s tackle the most common cyber-attacks. This does not require high investments in terms of new shiny products or expensive consultancy fees.

So, what are the cybersecurity solutions you need to be aware of?

  1.  Passwords

Ensure that password protection mechanism, such as passcode against PIN on mobile devices, two-factor authentication mechanisms, or other authentication methods are set. If devices support fingerprint, facial or other biometric authentication, the actual password will not be entered many times – therefore a long non-dictionary, difficult to guess password should be used.

Change passwords often and ensure that staff are encouraged to use password managers. Network staff, developers or other technical staff should use privileged accounts (used for administration) that are separated from their corporate accounts used to check emails, daily tasks. 

Change default passwords on all equipment such as network devices, printers, scanners, security devices.

For windows-based laptops, tablets, ensure that in-built encryption products such as TPM (Trusted Platform Module) are enabled and configured. Similarly, FileVault can be used on MacOS.

  1. Malware Protection

Malware damage can interrupt not only business operations but also render data unusable (ransomware). By following simple techniques, it is possible to protect your organisation from the damage caused by malware. Regularly patch all software on devices, laptops, systems by promptly applying the latest software updates. Use anti-virus as a minimum on all systems and turn on host firewall to create a boundary outside your network. Encourage staff to follow secure practices during handling of sensitive data, downloading content and other general security awareness techniques.

  1. Device Safety

Devices used outside the office require more protection than the traditional desktop environment. Ensure that passcodes or biometric authentication are enabled at the minimum.

Use mobile device management solutions to remotely control the device configuration in case they are lost. Ensure that staff are encouraged to avoid free wi-fi areas and use VPN or 4G connections at public places.

  1. Backups

An organisation must be prepared to respond in case of loss of data from theft, natural disasters, physical or other damages. Identify relevant data that must be backed up and ensure that regular backups are scheduled. Tests should be performed to restore data to ensure the validity of backups.

Consider cloud-based backups where possible. This is a convenient way of backups because devices can be configured for back up schedules, back up data is stored in a secure data centre away from the office, and accessible from anywhere.

  1. Phishing

Human factor is often considered the weakest link in the cyber kill chain. Ensure that your staff are well equipped to identify between fake and legit information. Scammers use grammatically wrong or brand names/words with typos to set up fake websites, that are then used as traps for victims. Always lookout for red flags in an email such as spelling mistakes, too good to be true offers, free software offers, sending money, poor grammar. Encourage staff to report suspicious messages, events and share good stories.

Ensure that staff don’t browse the web or check emails from servers or using administrative privileges. This will reduce the impact of attacks in the event user details are stolen.

The above items are ‘good enough’ for a small business to prepare against most common attacks. However, for medium-sized enterprises, we have observed that the demand in our work is often on the back of our experience amongst their sector or peers. Defendza aligned services with Cyber Essentials deliver you both the certification as well as expert advice with mitigation help. We don’t just offer continued advisory services; we help you get your own Cyber Essentials qualifications. Using our blend of tools, expertise and business-focused threat mitigation, we ensure your business is cyber resilient.

Just like your home requires adequate physical security measures to discourage thieves, cybersecurity is very much an ongoing effort to keep organisations safe online. As no organisation is immune to attacks, it will certainly prepare a small organisation for attacks from a preparedness perspective. With these measures in place, it will also substantially make it easier for incident response investigations in the event of an attack.

What Are The Benefits Of Cyber Security For Small Businesses?

  • Protection of key assets such as firewalls, systems, websites and software applications
  • Protect yourself against evolving threats by validating your current assets and preparing mitigation plans
  • Minimise your costs and maximize efficiency by bringing specialists to advise you on your weaknesses than buying expensive products
  • Increased reputation by demonstrating to customers and partners that your business takes Cyber Security seriously
  • Cyber Essentials is now mandatory for organizations bidding for public sector contracts that involve the handling of sensitive or personal information
  • Fast turnaround times for Cyber Essentials (from 24 hours to a few days for Cyber Essentials Plus)

About Defendza ( )

Our Cyber Security Services

Defendza is a specialist provider offering cybersecurity consulting, training services and managed security services. We deliver a truly independent third-party opinion, unbiased expertise free from any inclinations towards vendor partnerships, reselling objectives or promoting any security products. We pride ourselves in being a partner of choice for our clients and helping with their IT security and compliance requirements.

Other articles