Cybersecurity is crucial for small businesses
Small companies tend to neglect the defence of their digital data, but the risks are very high, says David Prosser.
![Man at a computer](https://cdn.mos.cms.futurecdn.net/SJGgXwwNNEbdNvBUpTUboU-415-80.jpg)
Small and medium-sized businesses (SMEs) are under-protected from cybersecurity risk, while the pandemic has increased their vulnerability to attacks. The European Union Agency for Cybersecurity (ENISA) says a third of SMEs have experienced a cyber incident over the past five years. Half believe that a serious incident could completely sink their company.
Despite this level of risk, most SMEs have only basic protections in place. The majority of smaller firms have taken steps such as installing firewalls and anti-virus software, but only a minority routinely train staff on cybersecurity issues or use more sophisticated protection tools.
ENISA’s data suggests that the five most common threats to SMEs are: phishing attacks; web-based raids; general malware; malicious insiders; and denial-of-service strikes. What’s more, measures introduced by many SMEs during the pandemic, including remote-working practices and contactless-payment options, have given cyberattackers new opportunities.
Subscribe to MoneyWeek
Subscribe to MoneyWeek today and get your first six magazine issues absolutely FREE
![https://cdn.mos.cms.futurecdn.net/flexiimages/mw70aro6gl1676370748.jpg](https://cdn.mos.cms.futurecdn.net/flexiimages/mw70aro6gl1676370748-320-80.jpg)
Sign up to Money Morning
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
The big challenge, says ENISA, is that managers are not sufficiently focused on the potentially existential threat that cyberattacks pose. As a result, their efforts to counter the threat often fall short of what is required. They don’t invest enough money in cybersecurity, they fail to recruit the right type of cybersecurity expertise, and they favour seemingly quick fixes such as anti-virus software, rather than building a culture of cybersecurity awareness.
Shocking statistics
Such complacency leaves smaller firms exposed. Research published by Vodafone in early 2021 found that 41% of UK SMEs had suffered cyberattacks over the previous 12-month period, with 20% experiencing multiple attacks. It warned that as many as 1.3 million UK SMEs could collapse completely after falling victim to a cyber-attack.
ENISA’s most important recommendation is that SMEs should focus on how to build stronger cultures of cybersecurity, with management working harder to build employees’ awareness. The agency suggests practical steps such as regular cybersecurity audits, training for staff, the development of cybersecurity policies, and work on incident response plans.
More technical steps will also help. Too few SMEs are taking steps to secure their devices, such as installing all software patches and upgrades, encrypting data and focusing on how to manage mobile devices. Network security also needs to be reviewed, particularly as more staff work remotely. Third parties such as suppliers may also be introducing new vulnerabilities.
However, the starting point for many smaller businesses will be to recognise that they represent an attractive target. SMEs are less likely to have robust defences in place than their larger counterparts.
Even simple steps can prove hugely valuable. For example, SMEs that routinely back up their systems and data will be much less vulnerable to ransomware attacks. Firms that introduce multi-factor authentication on remote devices decrease their chances of attackers getting in this way.
Sign up to Money Morning
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
David Prosser is a regular MoneyWeek columnist, writing on small business and entrepreneurship, as well as pensions and other forms of tax-efficient savings and investments. David has been a financial journalist for almost 30 years, specialising initially in personal finance, and then in broader business coverage. He has worked for national newspaper groups including The Financial Times, The Guardian and Observer, Express Newspapers and, most recently, The Independent, where he served for more than three years as business editor.
-
Revolut finally bags a UK banking licence – what next for the fintech?
Revolut has finally been granted a UK banking licence following three years of negotiations with the regulator
By Kalpana Fitzpatrick Published
-
Could Labour impose a “double death tax” of more than 50%?
Speculation is mounting that capital gains tax will be reformed in the Budget - and one option is to charge bereaved families the tax on top of inheritance tax. We explain how it could work
By Ruth Emery Published
-
Could the new Growth Guarantee Scheme help boost your business?
The new government-backed Growth Guarantee Scheme is aimed at helping businesses recover from the pandemic. Is it worth considering and are you eligible?
By David Prosser Published
-
Revolut founder Nik Storonsky cashes in – what's next for the fintech billionaire?
Nik Storonsky has shaken up the banking industry with Revolut. He is now preparing a new project that could do the same to the venture capital sector
By Jane Lewis Published
-
Is local production making a comeback?
Companies return production closer to home and shorten their supply chains due to the pandemic and geopolitical turmoil. How should investors react?
By Dr Matthew Partridge Published
-
French election: an unexpected win for the left-wing
The snap French election delivered a stalemate. What does this mean for the country's stability?
By Dr Matthew Partridge Published
-
Business owners watch out for capital gains tax reforms
If you plan to sell your firm, look out for changes to capital gains tax rules by the new government
By David Prosser Published
-
How businesses can cut energy costs and boost efficiency
Here's how small businesses can monitor energy costs even though they don't benefit from the Ofgem energy price cap.
By David Prosser Published
-
What could a general election mean for apprenticeships?
Labour and the Conservatives have competing approaches when it comes to apprenticeships and funding young workers. But how are they supporting small businesses?
By David Prosser Published
-
Is online anonymity a necessity for economic and political freedom?
Online anonymity can be abused by trolls, but it remains central to our economic and political freedom, says Dominic Frisby
By Dominic Frisby Published