Cybersecurity health check for SMEs



It feels like you can’t go a day without hearing about another business or organisation that has been successfully targeted by cyber attackers.

Ticketmaster recently became the victim of one of the biggest alleged breaches in history, following an attack that is thought to have compromised the personal details of a staggering 500 million customers worldwide. The group behind the attack is also credited with having been responsible for a separate breach at banking giant Santander, involving the details of some 30 million customers.

But it’s not just big businesses who are under pressure.

From the NHS and Ministry of Defence to local councils, universities, schools and local businesses, cyber criminals are not picky. Every type and size of organisation is a potential target and payday for them.

Indeed, half of UK businesses and around a third of charities have experienced some form of cyber security breach or attack in the last 12 months. That’s according to the latest government statistics, which reveal phishing remains the most common strategy used by criminals.

Small and medium-sized enterprises (SMEs) who have yet to experience a cyberattack can often underestimate the potential financial impact such an attack might have, not to mention the service disruption and reputational damage it might cause.

While so called ‘cyber hygiene’ – the use of practices designed to help keep data safe and secure and to guard against cyber threats – may be improving amongst SMEs, there is still a lot more that businesses could do to lower their risk.


Common cyber threats facing SMEs

Before we check how strong your existing defences may be, let’s take a quick look at some of the most common types of cyberattacks facing businesses today.

Ransomware: Ransomware attacks involve hackers encrypting a business’s data and demanding a ransom for its release. SMEs are often targeted because they may not have adequate backup systems in place, making them more likely to pay the ransom to regain access to their data.

Phishing: Phishing scams involve cybercriminals sending fraudulent emails or messages to trick employees into revealing sensitive information, such as login credentials or financial details. SMEs are particularly vulnerable to phishing attacks due to a lack of cybersecurity awareness and training among employees.

Malware: Malware is malicious software designed to infiltrate and damage computer systems. SMEs may be targeted by malware that can steal sensitive information, disrupt operations, or cause significant damage to their IT infrastructure.

DDoS Attacks: Distributed Denial of Service (DDoS) attacks overwhelm a business’s IT infrastructure with traffic, causing their systems to crash. This can lead to significant disruption to business operations and financial loss.

Supply Chain Attacks: Cybercriminals may target SMEs by exploiting vulnerabilities in their supply chain partners’ systems. This can lead to data breaches or other security incidents that can affect the entire supply chain.


10-point cybersecurity health quiz

How well informed and protected is your business against the increasing cybersecurity threat? Here are 10 key areas to think about:


  1. Risk assessment:

– Have you conducted a comprehensive risk assessment to identify potential threats and vulnerabilities?

– Do you regularly review and update this assessment?


  2. Access controls:

– Are user accounts properly managed? (e.g., strong passwords, multi-factor authentication, facial or finger recognition for devices)

– Do you restrict access to sensitive data based on roles and responsibilities?


  3. Data protection:

– How do you handle customer data? Is it encrypted during storage and transmission?

– Do you have a data backup and recovery plan?

– Do you know all the locations where your data is stored and what type of data it is?

– Do you store all your backups off-site and only permit authorised people access to them?


  4. Software updates:

– Are your operating systems, applications, and antivirus software up to date?

– Do you promptly apply security patches?


  5. Employee awareness and training:

– Have you provided cybersecurity awareness training to your staff?

– Do employees know how to recognise phishing emails and how to report them?


  6. Incident response plan:

– Have you developed an incident response plan?

– Do employees know whom to contact in case of a security breach?


  7. Network security:

– Is your Wi-Fi network secured with WPA3 encryption?

– Have you segmented your network to isolate critical systems?


  8. Computer security:

– Do you stop employees from using USB sticks and charging personal mobiles on your devices?

– Are screens set to lock automatically after a short period of inactivity?

– Do you prevent staff from using public WiFi connections?


  9. Email security:

– Have you set up all 3 email security records (SPF, DKIM, DMARC) for your email domain to ensure scammers can’t impersonate your email addresses?

– When you get an email request to change payment details for an invoice or salary, do you have a clear and easy process to check it’s a legitimate request?


  10. Supply chain security:

– Do you assess every company in your supply chain to ensure they have good security practices in place?
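As an added illustration of the email security item above (example code, not part of the original article), the following Python grades a domain's SPF, DKIM and DMARC TXT records the way a health check would: each record is reported as missing, weak or ok. The domain name, DKIM selector and record values are constructed samples; a real check would fetch the TXT records from DNS (for example with dig) and pass them in.

```python
# Constructed sample TXT records for a hypothetical domain (not real DNS data).
SAMPLE_RECORDS = {
    "example.test": ["v=spf1 include:_spf.mailhost.example -all"],
    "sel1._domainkey.example.test": ["v=DKIM1; k=rsa; p=EXAMPLEPUBLICKEYDATA"],
    "_dmarc.example.test": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.test"],
}

def _tags(record):
    """Parse 'k=v; k2=v2' DKIM/DMARC syntax into a lowercase-keyed dict."""
    return {k.strip().lower(): v.strip() for k, v in
            (part.split("=", 1) for part in record.split(";") if "=" in part)}

def check_spf(txt_records):
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "invalid"      # more than one SPF record is a permanent error
    mechanism = spf[0].lower().split()[-1]  # the terminating 'all' mechanism
    if mechanism == "-all":
        return "ok"           # hard fail: unlisted senders are rejected
    return "weak"             # +all/~all/?all or no 'all': spoofing not rejected

def check_dkim(txt_records):
    for r in txt_records:
        t = _tags(r)
        if t.get("v", "DKIM1").upper() == "DKIM1" and t.get("p"):
            return "ok"       # a public key is published for this selector
    return "missing"          # no key (an empty p= means the key was revoked)

def check_dmarc(txt_records):
    for r in txt_records:
        if r.upper().startswith("V=DMARC1"):
            policy = _tags(r).get("p", "").lower()
            if policy in ("reject", "quarantine"):
                return "ok"
            return "weak"     # p=none only monitors, it does not block spoofing
    return "missing"

def health_check(records, domain, selector):
    """Return the status of the 3 email records the checklist asks about."""
    return {
        "SPF": check_spf(records.get(domain, [])),
        "DKIM": check_dkim(records.get(f"{selector}._domainkey.{domain}", [])),
        "DMARC": check_dmarc(records.get(f"_dmarc.{domain}", [])),
    }
```

The sample domain scores "ok" on all three; swapping in a record such as "v=DMARC1; p=none" shows how a domain can have all three records yet still be spoofable.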


How to enhance your cybersecurity


Given the significant risks posed by cyber threats, it is crucial for SMEs to implement robust cybersecurity measures. Here are some steps that you can take to better protect yourself:


  1. Invest in Cybersecurity Solutions: SMEs should invest in comprehensive cybersecurity solutions that provide enterprise-level security. This includes computer security, email security, password security, and backup and recovery systems.


  2. Employee Training: Regular cybersecurity awareness training is essential for all employees. SMEs should aim to educate staff on how to recognise and avoid phishing scams, the importance of strong passwords, and best practices for maintaining cybersecurity.


  3. Regular Security Assessments: SMEs should conduct regular security assessments to identify vulnerabilities and address them promptly. This includes evaluating IT infrastructure, software, and security protocols.


  4. Backup and Recovery: Implementing a robust backup and recovery system is crucial for protecting data in the event of a ransomware attack or other cyber incidents. SMEs should ensure that their data is regularly backed up and can be quickly restored if needed.


  5. Partner with cybersecurity experts: The cyberthreat is constantly evolving. By partnering with a team of experts (like ourselves here at Dragon IS), you can stay ahead of new and existing threats and ensure your cybersecurity measures are always up to date.

The cybersecurity threat to small and medium-sized businesses is real and growing. We advise all businesses to take proactive steps to protect themselves and safeguard their assets, data, and reputation.

By investing in cybersecurity solutions, educating employees, conducting regular security assessments, and partnering with experts, you can build a strong defence that supports you in running your business with confidence.


Need expert IT support?

Here at Dragon IS, we work with small and medium-sized businesses, helping them with a broad range of issues relating to their IT infrastructure and cybersecurity. Call us for an informal chat on 01908 613 080 or email