How to improve SME security

What is SME security?

Before we explore how to improve SME security, it’s important to first understand what the abbreviation actually means. SME stands for small and medium-sized enterprises, and SME security is all about protecting independent, non-subsidiary businesses that employ fewer than 250 employees. It’s often assumed that only larger enterprises are targets of cyber attacks, but this is far from the truth.

Data has revealed that there are 65,000 attempted cyber attacks on small and medium-sized enterprises in the UK every day, with 4,500 of these being successful. Not only this, 60% of SMEs who experienced cyber attacks didn’t recover and were forced to close their doors. These figures alone reveal how essential it is that any business, regardless of its size, has measures and a contingency plan in place. Without them, businesses risk serious disruptions, reputational damage, poor relationships with third parties, and potential data loss.

What are the main cyber security threats for SMEs?

Data breaches

One of the main cyber security threats for SMEs is a data breach, in which an organisation’s sensitive information is stolen or hacked, often resulting in the creation of phishing messages. The Cyber Security Breaches Survey 2021 revealed that 39% of small and 65% of medium-sized UK businesses were victims of a cyber security breach or attack in 2020, and with phishing attempts becoming more sophisticated by the day, it’s crucial that SMEs are on constant alert.

Lack of preparation

68% of SMEs have been revealed to have no systematic approach when it comes to preventing cyber attacks, which causes major problems in the long run. Without planning for the worst, many businesses and their employees remain unaware of the potential security risks they face, leading to general carelessness. 

Inappropriate passwords

Another cyber security threat for SMEs that should never be overlooked is inappropriate passwords, meaning that they’re either very easily guessed or weak. Reports show that two thirds of data breaches are caused by weak passwords, allowing hackers to access sensitive information without much trouble. The effects of this are completely destructive, and can lead to business collapse. 


Malware

Small and medium-sized businesses are also at risk of malware attacks, caused by code that hackers use to both access and destroy data. These can appear in the form of accidental virus downloads through bugged websites, connecting to a device or network that’s already infected, and opening spam emails. Many organisations will permit their employees to bring their own devices to work, and without BYOD security guidelines in place, businesses risk device damage and costly repairs.

Insider threat

SMEs can also be targeted as a result of insider threat, meaning that sensitive information is accessed and misused by current or former employees. In a world where more than 34% of businesses around the world become victims of insider threat every year, businesses should start to treat both internal and external individuals as a potential risk.

How to improve SME security

Backing up data

Avoid potential disaster by restoring your device with data backups, preventing the risk of major disruption to business operations. Whether data loss has been caused by an accident, a hard drive failure or a ransomware attack, the process of temporarily storing sensitive information in the cloud (for example) will make the road to recovery much smoother.

Protect devices

For small and medium-sized businesses that are considering a BYOD policy (bring your own device), make yourself aware of the possible risks before enforcement. Communicate regularly with your employees so that they too understand how to safely operate and store data on these devices, warning them of websites, apps or networks to avoid. Always remember to make a record of any attacks that occur on a personal device, encouraging openness and acting with urgency in the event that this should happen. 

Secure passwords

In 2015, it was revealed that 21% had a password that was 10 years old, with a worrying number choosing “123456” or “password” to protect their devices. Of course, this is an absolute no-go. Although these are easy to remember, this makes them just as easy for cybercriminals to guess.

To create a strong, protective passcode, avoid using duplicates at all costs, and never store them in an obvious place, such as a Notes app. For more advice on password dos and don’ts, check out our previous blog post on how to create a secure password.

For a workplace that’s thoroughly protected, you may wish to install a high-tech Access Control System to protect sensitive hardback files, or devices that store crucial information. Devices such as the Biometric Fingerprint Recognition System allow for a fast and easy entrance to your premises, whilst removing the need to create a written password. 

Workplace security culture

To maintain a security culture in your business, build your policies around trust, along with openness and honesty. In the event of a personal cyberattack, members of staff may become fearful of the consequences, risking a serious recovery delay. Make your employees aware that they can come to you at any time with their concerns, always communicating the security procedures that you have in place. In doing this, you're much more likely to protect your organisation and improve staff retention. 

Regular security training sessions are also encouraged, making your staff aware of what they should do in the event of an emergency, or of any recent updates that will affect their work. 

Assess your risks

As discussed previously, anyone, whether they’re internal or external, could be a potential risk to your business. Always be on the lookout for suspicious behaviour, thoroughly investigating any instances that appear to be out of the ordinary, including attempted attacks. Installing a commercial CCTV system not only acts as a major criminal deterrent, but also lets you monitor both the inside and the outside of your grounds constantly, even when you’re away from your desk. By securing your premises and using strong authentication for the devices that are stored there, you’re already much less likely to come under attack.

For more advice on how to keep your business safe and secure, have a chat with our team of professionals today. We can work with you to protect both you and your members of staff at all times, covering all bases to put your mind at ease.