The 5 greatest cybersecurity risks for SMEs


At Genie AI we work with important client information, and we take that responsibility seriously. That’s why we're continuously improving our cybersecurity. We’ve teamed up with CyberSmart, a company making cybersecurity simple and accessible to everyone, to train our team and share security tips.

And now we’re sharing those tips with you. Here are the top five cybersecurity risks for SMEs and what to do about them, according to Rob from CyberSmart.


by Rob Stafford, CyberSmart

We all know that cybercrime poses a very real threat to society. But among small business owners, there’s often a misconception that it only happens to large, high-profile businesses. After all, why would a cybercriminal attack a start-up or small business with little to steal?

Unfortunately, this couldn’t be further from the truth. A small business is hacked every 19 seconds in the UK and up to 88% of companies have suffered a data breach in the last 12 months.

So the threat is very real, but which cybersecurity risks should you be most worried about? And, more importantly, what can you do about them?

1. Remote working

2020 was the year the world of work changed forever. But while remote working offers many benefits to SMEs, from happier and more productive staff to real estate savings, it also brings risks with it.

Can you be sure your people will follow the same security protocols they would in the office? The networks, devices, and security tools your staff use at home are likely to be far less secure than those in the office. And it’s not just the tools they use; as ZDNet has reported, 52% of employees believe they can get away with riskier online behaviour when working from home.

So it’s perhaps not surprising that 91% of global businesses have seen an increase in cyber attacks as a result of employees working from home.

What you can do

If your people don’t know which behaviours are harmful, they can’t correct them. So, ensure all security policies for workers are clear and easy to follow. And, if you don’t have a remote working security policy, now’s the time to draft one.

2. Being part of a supply chain

According to research, up to 80% of cyberattacks now begin in the supply chain. Cybercriminals have realised that to target high-profile businesses, you don’t need to attack the organisation itself. Big corporate enterprises often have the best cybersecurity tools and processes, so breaching their defences is difficult.

However, the SMEs who supply or provide services to these big companies usually have far more modest defences. And, crucially, they provide a ‘backdoor’ into bigger organisations by being part of the supply chain. A breach at even the smallest link in the supply chain can have dire consequences for everyone within it. This makes SMEs a prime target for cybercriminals with an eye on big enterprises.

What you can do

The first thing to do is to ensure your business is as well protected as it can be. If you’re not sure where to start, getting Cyber Essentials certified is a great first step. Once you’re confident in your security, talk to your partners and suppliers about their cybersecurity; you might be surprised at the problems you share. And, finally, when taking on new suppliers, aim to work with businesses that are either Cyber Essentials certified or have a firm commitment to good cyber hygiene.

3. Ransomware

Ransomware is the new kid on the block when it comes to cyber threats for SMEs. Once a concern for big-name businesses with large budgets, ransomware is increasingly affecting SMEs as cybercriminals switch their focus to easier targets.

Sadly, this is also backed up by the statistics. 1 in 2 SMEs have been attacked by ransomware and more than 73% have paid up to get their data back. The consequences can be disastrous, ranging from company downtime to reputational damage and even bankruptcy.

What you can do

It might sound obvious, but the best approach to preventing a ransomware attack is to make sure your business isn’t an easy target. Again, completing the Cyber Essentials certification is a good starting point and can help protect you against most cyber threats. Beyond basic protections, it’s worth providing cyber awareness training to help your people spot a potential attack.

4. Weak passwords

Most of us know the importance of strong passwords, but that doesn’t stop us from using the same easily-guessable phrase we’ve been using since 2001 for everything. We’re only human after all.

The problem is that this poses a huge security risk. A cybercriminal only needs to crack one insecure password in your business for disaster to strike. But the good news is that fixing it is simple.

What you can do

Set up a password policy and ensure everyone in the business follows it – this usually won’t take more than a few well-timed nudges and reminders. But what should go in the policy? Well, a strong password policy should have four key points:  

- Use complex passwords that are a combination of letters and symbols

- Change passwords regularly

- Use a different password for each account or software program

- Use two-factor authentication (2FA) wherever possible

5. Phishing attacks

Without a doubt, the most common cyber threat to small businesses is a phishing scam. A recent report from CybSafe reveals that nearly half (43%) of UK SMEs were targeted by a phishing attempt in 2019. Even more alarmingly, two thirds (66%) of those attempts were successful, demonstrating the threat phishing scams pose.

What you can do

When it comes to preventing successful phishing attacks, education really is the key. Make sure everyone in your business can identify a bogus email or text message and ask employees to double-check the source of the request before they share any sensitive data.

Now that you know the five greatest cybersecurity risks, the question is: how will you prevent them?

CyberSmart is a company making cybersecurity simple and accessible to everyone. It provides an intelligent platform that implements and maintains Cyber Essentials certification and compliance, and has worked with Genie AI to provide training and security expertise.
