Protecting small businesses from cyber-attacks


Cyber-attacks on small businesses are increasing every year, with new and creative methods regularly reported in the news and online. Whilst the statistics and news around small businesses and cyber-attacks are scary, over 98% of (reported) successful cyber-attacks exploit known issues and can be protected against.

There are several things you can do to protect your business from the worst-case scenario.

Basic physical security

Theft of money, business assets, and equipment can lead to business interruption and a data breach. Use CCTV, locks, and safes/lockers, and do not advertise where important information or assets are kept.

Paid Antivirus

Paid antivirus and anti-spyware are incredibly important. Paid antivirus solutions are updated more frequently than free versions. Some free antivirus products also use more of your data and usage information than you would agree to if you read the full terms and conditions.

Remove Unused Software And Any Unlicensed Software

If you have unlicensed software, it may already have been infected with malware before you downloaded it, as hackers can make it available to lure in unsuspecting users. Unlicensed software is usually unsupported, meaning that vulnerabilities and issues aren’t looked for or fixed by the product creator. Having unused software on your system means updating an extra application for the sake of it, and increases the risk of either missing an update or somebody exploiting it before the update is available.

Updating Your OS

Enable automatic updates on your operating system, or make checking for updates part of your work routine. Most malware is delivered through email, and more often than not that malware exploits a known vulnerability that has a patch (update) available. Keeping up to date with updates is a major factor in keeping your business secure against malware and exploits.

Safe Browsing & More Secure Passwords

Do not use illegal streaming sites or untrustworthy sites. Sites that seem too good to be true usually are, and are designed either to deliver malware onto your system or to get your bank/card information to steal money. Sticking to legitimate sites and activities protects you from being exploited or stolen from.

Ensure you use long, strong passwords. Passwords are the key to accessing any and all systems you have behind them. If they are easily guessable or weak, they could be discovered by hackers. Enabling two-factor authentication on systems and accounts can protect your account from unauthorised access, and give you an indication if someone is trying to access your account, or that your password is compromised and needs to be changed. Getting a password manager can help if you struggle to remember passwords.

Be Aware Of Phishing Attacks

Do not click on links or download documents from emails received from untrustworthy sources. Phishing is the main attack vector/first stage of almost all cyber-attacks. Threat actors will try to send you emails with news, offers, urgent issues, legal threats, and anything they can think of that may encourage you to click on the links or to give them information. If you get an email claiming to be from someone you know within the business, or from an external party like your accountant, consider verifying the email another way (phone call, Teams message, etc.).

Choosing The Most Secure Device Settings

Turn off remote access (RDP) if you use Windows. If you use Macs, you can turn off SSH. Along with phishing, another largely exploited issue is people allowing remote connections to their systems from outside of their home/organisation. Disabling this feature can help strengthen your security.
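
One way to check and apply the Windows part of this advice, as an added example that is not part of the original article: save the script below and run it from an elevated (Administrator) PowerShell prompt. The -Disable switch and the function name Get-RdpStatus are this example's own, and the firewall group name 'Remote Desktop' assumes an English-language Windows install.

```powershell
# Added example: report whether Remote Desktop (RDP) is reachable on this PC,
# and turn it off when the script is run with -Disable.
param([switch]$Disable)   # default is report-only; nothing is changed without -Disable

$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RdpStatus {
    # fDenyTSConnections: 1 = RDP connections refused, 0 = RDP connections allowed
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections

    # RDP normally listens on 3389, but the port can be changed in the registry,
    # so read the configured value instead of assuming the default.
    $port = (Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -Name PortNumber).PortNumber

    # Inbound firewall rules in the built-in "Remote Desktop" group that are still enabled
    # (assumption: English display name; the group is named differently on other locales).
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
             Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }

    # Is anything actually listening on the configured RDP port right now?
    $listener = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue

    [pscustomobject]@{
        RdpAllowed           = ($deny -eq 0)
        ConfiguredPort       = $port
        EnabledFirewallRules = @($rules).Count
        ListeningNow         = [bool]$listener
    }
}

if ($Disable) {
    # Refuse new RDP connections, then close the matching inbound firewall rules.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

# Show the state (after any change). A machine with RDP off reports
# RdpAllowed = False, EnabledFirewallRules = 0 and ListeningNow = False.
Get-RdpStatus
```

Run it once without -Disable to see the current state before changing anything, and check first that nobody in the business relies on Remote Desktop to reach that machine.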


Ensure your business is insured, and that your insurance includes cyber insurance. Unfortunately, cyber incidents do happen. In the event that you have a breach, insurance can help keep your business afloat and protect you from harm. Insurance alone is not a fix for any of the potential threats mentioned within this article, and should be the final layer of mitigation.

If you have recently started a business, or are an existing start-up looking for advice on how to protect yourself from cyber issues, please get in touch. We can advise you on protecting your websites and networks, business continuity planning, and training yourself and your staff to recognise potential threats.

Tom Clarkson
Senior Information Security Advisor