Expert explains how businesses can transform cyber-security in five strategic steps

12th November 2025

A leading technology expert has shared his advice on how SMEs can bolster cyber-security.

Speaking ahead of Small Business Saturday, which comes at the end of the month, Roy Shelton, CEO of managed services provider Connectus Business Solutions, pinpointed good housekeeping routines as crucial to shutting out cyber-criminals.

A government survey found that 43% of UK businesses – around 612,000 – had experienced a cyber-attack last year.

The average cost of coping with a cyber-attack has increased to £3,500 per incident, which is enough to threaten the survival of many small businesses.

Mr Shelton said: “There are tried and tested ways that can be easily adopted by any business that is concerned about succumbing to a cyber-attack, where criminals very often exploit a lack of vigilance by staff to get through the door.

“The number of ‘nationally significant’ attacks has sharply increased from 89 to 204 in the 12 months to September, which is an indication of how much pressure there is on businesses currently. We have also seen a 200% increase in the number of failed attempts which we have proactively protected our customers from, compared with this time last year.

“Jaguar Land Rover lost an estimated £1.9 billion due to the cyber-attack that hit them and there have been other high-profile victims, including Harrods and M&S, but small businesses make up half the economy and the impact of an attack for them could be an existential risk.

“Here are five practical suggestions that businesses can adopt today, all of which will go a long way to ensuring they are safe from cyber-criminals.”

  1. Adopt Multi-Factor Authentication (MFA) Everywhere

Passwords alone are no longer enough. Over 80% of breaches involve weak or stolen credentials. MFA is essential for all business accounts – email, Microsoft 365, cloud services, VPNs. Consider using free app-based authenticators, like Microsoft Authenticator or Google Authenticator, instead of SMS codes for stronger protection.

  2. Keep Systems and Software Up to Date

Unpatched software is a top attack vector for hackers exploiting known vulnerabilities. Enable automatic updates on all devices and servers. Regularly review and retire unsupported systems. Maintain an inventory of all hardware and software to track patch status.

  3. Educate and Test Your People

Human error is still the biggest cyber risk, from phishing to accidental data sharing due to poor processes or falling for social engineering scams. Run short regular training sessions on phishing awareness, password hygiene, and safe file sharing. Simulate phishing attacks to measure awareness and improvement. All of this can be automated via apps such as KnowBe4.

  4. Back Up Critical Data Securely

Ransomware can cripple a small business, but solid backups mean you can recover quickly. Use the 3-2-1 rule: 3 copies of data, 2 types of storage, 1 offsite or cloud backup. More importantly, test restoring from backups regularly. Also, ensure backups are encrypted and isolated from your main network.

  5. Implement a Layered Defence Strategy

No single tool can stop every attack. Layers of security reduce the risk of a single point of failure. Deploy endpoint protection, email filtering, network intrusion detection, and firewalls that operate 24 x 7 – hackers do not sleep – along with staff training.

Above all, use a reputable managed service provider (MSP) or security partner to monitor and respond to threats. Ensure that if there is an attack, remediation can begin immediately and the incident is managed professionally.