
2022 Cybersecurity Resolutions for SMEs

The start of a new year presents a perfect opportunity for SMEs to review their IT systems, and when it comes to adopting positive new habits, cybersecurity is one area no business can afford to overlook.

IT breaches can compromise companies of all sizes, but their impact can be especially devastating for SMEs, which usually lack the financial reserves, infrastructure and resources of larger firms.

The good news is that the risk of falling victim to many cybersecurity threats can be mitigated by making a few adjustments to workplace behaviour, as well as regularly educating employees so they stay cyber aware.

To help you get started, here are seven cybersecurity resolutions to adopt in 2022.


New Year Cybersecurity Resolutions for small businesses


1 – Enable multi-factor authentication (MFA)

If you use banking apps and online payment facilities then you’re probably already familiar with the idea of multi-factor authentication (MFA). Put simply, MFA is a secondary level of security that requires more than just a password to confirm your identity and gain access to something.

It usually takes the form of a one-time password (OTP) sent to your email address or to a device you’ve pre-registered, such as a mobile phone. The OTP is typically a unique numerical code you’re prompted to enter after you’ve signed in using your username and password. It will only be valid for a short period of time.

If you’re looking for a simple but highly effective cybersecurity upgrade to make in the New Year then introducing multi-factor authentication is a perfect place to start. And if you already use MFA then make sure you have it enabled everywhere, including for any password management software you may be using.

2 – Undergo cybersecurity training

It may sound like a no-brainer, but when it comes to preventing a cybersecurity breach in your business, awareness is key. Hackers seek to exploit weaknesses and vulnerabilities, and people are a great way in! So the more you can educate yourself and your employees about risks and good practice behaviours, the better.

Undergoing regular cybersecurity training within your team is a great way to ensure that everyone is familiar with the latest threats and the ways in which they can protect your business. Even if you’ve previously undertaken cybersecurity training, it’s never a bad idea to refresh your knowledge, particularly if you have new team members who might not have been cybersecurity trained before.


3 – Penetration test your IT systems

If you really want to get on top of your cybersecurity in the New Year, you need to go through a process of identifying where the vulnerabilities are in your current IT systems, which hackers could potentially exploit. That’s where penetration testing comes in.

Penetration testing (or ‘pen’ testing for short) is where you test the integrity of your IT systems by essentially inviting a reputable IT professional to attempt to hack in. It’s a legitimate service, carried out using penetration testing software or by a penetration testing company.

Many businesses that develop IT systems actually use penetration testing before putting the products on the open market, specifically to ensure they’re as cyber secure as possible, but this is also a good practice for SMEs to get into. A penetration tester will prepare a report of their findings, detailing the actions they took and recommendations for appropriate actions needed to bolster cybersecurity and prevent a genuine attack in future.


4 – Get smarter about social engineering

Social engineering attacks are nothing new but with the pandemic shifting businesses out of the office and increasingly into home or hybrid working patterns, these types of scams are on the rise and also becoming increasingly hard to detect.

This type of attack works by duping the recipient into believing they are receiving a communication (usually an email) from a legitimate source, such as an existing business contact, bank or government agency. The email may direct them to take certain actions, such as updating a password because of a security breach, which the recipient does willingly, believing the communication to be authentic. Alternatively, the communication may contain a link that directs the user to a fake website, masquerading as the company the cybercriminal is imitating.

Social engineering attacks such as these present a cybersecurity risk to your business, as they may infect your IT systems with malware or ransomware, or dupe an employee into sharing sensitive information. It only takes one member of staff to fall for the scam to put your business in jeopardy, so taking preventative steps to mitigate social engineering attacks should be a key focus for cybersecurity in 2022.


5 – Do regular back-ups (and make sure they work!)

Backing up your data is essential as a way to limit the damage and disruption to your business that may be caused by a successful cyberattack. It’s also good practice in the event that your business gets burgled, or your computer systems are compromised because of a natural disaster such as a flood or fire.

Having a back-up that’s stored off site allows you to reinstate your IT systems in the event of a data loss or system failure brought on by a cyber attack. It ensures that your business retains all of the important documentation and applications it holds, thereby mitigating any costly disruption to your operations.

The more regularly you back up, the less information you stand to lose. For example, while some businesses back up weekly, others do it daily or even hourly. But crucially, the backups need to be secure, as there is no point having a backup that an attacker can also reach or that can be corrupted by a cyberattack.

Get into the habit of using encrypted cloud-based storage instead of saving documents to physical hard drives, as this will help to prevent a hacker from being able to access or read your data in the event they do penetrate your IT systems.
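The "make sure they work" part of this resolution means restoring a backup somewhere safe and confirming the files match what was backed up. One way to do that check, as an added example that is not part of the original article: the function names and the sample files are assumptions made up for illustration.

```python
import hashlib
import os
import tempfile


def manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            sha = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    sha.update(chunk)
            digests[os.path.relpath(path, root)] = sha.hexdigest()
    return digests


def verify_restore(saved, restored_root):
    """Compare a manifest saved at backup time with a test restore."""
    restored = manifest(restored_root)
    both = set(saved) & set(restored)
    return {
        "missing": sorted(set(saved) - set(restored)),
        "changed": sorted(p for p in both if saved[p] != restored[p]),
        "unexpected": sorted(set(restored) - set(saved)),
    }


def demo():
    """Constructed sample: one file is lost and one is altered in the restore."""
    with tempfile.TemporaryDirectory() as live, \
            tempfile.TemporaryDirectory() as restored:
        for root in (live, restored):
            with open(os.path.join(root, "invoices.csv"), "w") as fh:
                fh.write("id,amount\n1,250\n")
        with open(os.path.join(live, "payroll.bin"), "wb") as fh:
            fh.write(b"constructed sample bytes")
        saved = manifest(live)  # recorded when the backup is taken
        with open(os.path.join(restored, "invoices.csv"), "a") as fh:
            fh.write("damaged")  # simulate corruption in the restored copy
        return verify_restore(saved, restored)


if __name__ == "__main__":
    print(demo())
```

Keep the saved manifest somewhere separate from the backup itself, so that anything able to tamper with the backup cannot also rewrite the record it is checked against.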


6 – Use a password manager

Using strong and unique passwords remains one of the best defences against many cyber attacks. Despite this, more than half of people use the same passwords for both their work and personal accounts and use ones that are easy to guess. (Crazily, the password “123456” is still used by 23 million account holders!)

Passwords are commonly leaked online by cybercriminals, and if you use the same password for multiple accounts then you leave yourself vulnerable across a multitude of systems. The best way to combat this is by changing your password regularly and never repeating the same password twice.

This can be very hard to do if you rely on memory (and you don’t want to be saving passwords on an Excel sheet either!). This is especially true now that we need passwords to access most things.

One way to combat this is to use a password manager to store all your passwords, which also helps you change them to something very difficult to crack. Then you only need to remember one: the main one you need to access the password manager itself. As mentioned above, make sure you set up multi-factor authentication for your password manager too, to keep access even more secure.

Remember, a strong password should contain numerals, alphabetical characters, a capital letter and at least one symbol. We’d also recommend avoiding anything that contains personal information such as birthdates, the names of pets, children or partners, and other identifying data such as your hometown, as hackers can easily find this information online or via your social media.


7 – Seek expert support

One of the best steps you can take to bolster your cyber defences is to seek the advice and support of an experienced and reputable external technology expert, such as the team here at Dragon IS.

We can help reduce the risk of a cyberattack by making sure your IT systems are as robust as they need to be, taking both proactive and preventative steps to protect your business.

For more information, or to receive a tailored quote, please call our Dragon IS team on 0330 363 0055 or email